inpothet

Vyos conf

Oct 8th, 2020
  # Global firewall options plus two IPv4 rulesets used on the WAN-facing vifs:
  # OUTSIDE-IN (traffic forwarded through the router) and OUTSIDE-LOCAL
  # (traffic addressed to the router itself). Both default to 'drop'.
  # NOTE(review): no 'firewall ipv6-name' ruleset appears in this paste, although
  # tun0 carries the IPv6 default route and vif 5 / vif 10 have IPv6 prefixes.
  # As shown, IPv6 arriving over the tunnel is not filtered by any ruleset;
  # confirm, and add IPv6 equivalents of these two rulesets on tun0.
  1. set firewall all-ping 'enable'
  # NOTE(review): with broadcast-ping enabled the router answers ICMP echo sent to
  # a broadcast address, which lets it be used as a reflector for spoofed-source
  # ping floods. 'disable' is the safer value unless something depends on it.
  2. set firewall broadcast-ping 'enable'
  3. set firewall config-trap 'disable'
  4. set firewall ipv6-receive-redirects 'disable'
  5. set firewall ipv6-src-route 'disable'
  6. set firewall ip-src-route 'disable'
  7. set firewall log-martians 'enable'
  8. set firewall name OUTSIDE-IN default-action 'drop'
  # Rule 10 accepts established/related flows; the global state-policy lines
  # further down accept the same states, so this rule is redundant but harmless.
  9. set firewall name OUTSIDE-IN rule 10 action 'accept'
  10. set firewall name OUTSIDE-IN rule 10 state established 'enable'
  11. set firewall name OUTSIDE-IN rule 10 state related 'enable'
  # NOTE(review): as pasted, rule 9000 has an action but no match criteria, so it
  # accepts every packet that reaches it and default-action 'drop' is never
  # applied to forwarded WAN traffic. If it exists to admit the port-forwarded
  # services, restrict it to their translated destination addresses, protocols
  # and ports (criteria may also have been lost when the paste was sanitized;
  # confirm against the running config).
  12. set firewall name OUTSIDE-IN rule 9000 action 'accept'
  13. set firewall name OUTSIDE-LOCAL default-action 'drop'
  14. set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
  15. set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
  16. set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
  # Rule 20 lets new ICMP echo-requests from the WAN side reach the router.
  17. set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
  18. set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
  19. set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
  20. set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'
  21. set firewall receive-redirects 'disable'
  22. set firewall send-redirects 'enable'
  # NOTE(review): reverse-path source validation is off, so packets with spoofed
  # source addresses are not dropped by that check. 'strict' can break a dual-WAN
  # setup with asymmetric return paths; 'loose' is the usual compromise. Test
  # before changing.
  23. set firewall source-validation 'disable'
  # Global stateful policy: only established and related are set here; no policy
  # for the 'invalid' state appears in this paste.
  24. set firewall state-policy established action 'accept'
  25. set firewall state-policy related action 'accept'
  26. set firewall syn-cookies 'enable'
  27. set firewall twa-hazards-protection 'disable'
  # Interface layout: eth0 is a VLAN trunk (untagged = Management, vif 2 = first
  # ISP uplink, vifs 5-13 = internal networks), eth1 vif 300 is the second ISP
  # uplink, and tun0 is a 'sit' IPv6-in-IPv4 tunnel.
  # NOTE(review): only the two WAN vifs (eth0 vif 2, eth1 vif 300) have firewall
  # rulesets attached. No 'firewall in' / 'firewall local' is set on any internal
  # vif in this paste, so as shown the router forwards freely between Management,
  # Server, VPN, Storage, LAN, IOT WLAN and Guest WLAN, and every segment can
  # reach services on the router. Guest and IoT segments normally get rulesets
  # that block them from the other networks and from router management.
  # NOTE(review): the ISP uplink on vif 2 shares physical port eth0 with
  # Management and all internal VLANs, so separation of untrusted traffic depends
  # on the attached switch's VLAN configuration; confirm.
  # NOTE(review): the redaction keeps the low-order parts of addresses (last
  # octets, tails of the IPv6 prefixes, tunnel endpoints). Check that what
  # remains cannot identify the site before sharing a config publicly.
  28. set interfaces ethernet eth0 address 'xxx.xxx.1.1/24'
  29. set interfaces ethernet eth0 description 'Management'
  30. set interfaces ethernet eth0 vif 2 address 'dhcp'
  31. set interfaces ethernet eth0 vif 2 description 'Ziggo Uplink'
  32. set interfaces ethernet eth0 vif 2 firewall in name 'OUTSIDE-IN'
  33. set interfaces ethernet eth0 vif 2 firewall local name 'OUTSIDE-LOCAL'
  34. set interfaces ethernet eth0 vif 5 address 'xxx.xxx.5.1/24'
  35. set interfaces ethernet eth0 vif 5 address 'xxxx:xxxx:7a1b:2::1/64'
  36. set interfaces ethernet eth0 vif 5 description 'Server Network'
  37. set interfaces ethernet eth0 vif 8 address 'xxx.xxx.8.1/24'
  38. set interfaces ethernet eth0 vif 8 description 'VPN Network'
  39. set interfaces ethernet eth0 vif 9 address 'xxx.xxx.9.1/24'
  40. set interfaces ethernet eth0 vif 9 description 'Storage Network'
  41. set interfaces ethernet eth0 vif 10 address 'xxx.xxx.10.1/24'
  42. set interfaces ethernet eth0 vif 10 address 'xxxx:xxxx:7a1b:1::1/64'
  43. set interfaces ethernet eth0 vif 10 description 'LAN'
  44. set interfaces ethernet eth0 vif 12 address 'xxx.xxx.12.1/24'
  45. set interfaces ethernet eth0 vif 12 description 'IOT WLAN'
  46. set interfaces ethernet eth0 vif 13 address 'xxx.xxx.13.1/24'
  47. set interfaces ethernet eth0 vif 13 description 'Guest WLAN'
  48. set interfaces ethernet eth1 vif 300 address 'dhcp'
  49. set interfaces ethernet eth1 vif 300 description 'T-Mobile WAN'
  50. set interfaces ethernet eth1 vif 300 firewall in name 'OUTSIDE-IN'
  51. set interfaces ethernet eth1 vif 300 firewall local name 'OUTSIDE-LOCAL'
  52. set interfaces loopback lo
  # NOTE(review): tun0 has no firewall ruleset attached and no IPv6 ruleset is
  # defined anywhere in this paste. The Server Network and LAN hold IPv6
  # prefixes and IPv6 is not translated by the NAT rules shown, so hosts there
  # are presumably reachable directly over the tunnel; confirm and filter on tun0.
  53. set interfaces tunnel tun0 address 'xxxx:xxxx:1f14:602::2/64'
  54. set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel'
  55. set interfaces tunnel tun0 encapsulation 'sit'
  56. set interfaces tunnel tun0 local-ip 'xxx.xxx.114.217'
  57. set interfaces tunnel tun0 multicast 'disable'
  58. set interfaces tunnel tun0 remote-ip 'xxx.xxx.84.46'
  # WAN load balancing across the two uplinks (eth0.2 and eth1.300).
  # Health checks: each uplink is probed with a ping test; 3 failures mark it
  # down and 1 success brings it back.
  # NOTE(review): both health checks use the same single target, so if that one
  # host stops answering both uplinks would be marked failed at once. A second
  # test with a different target avoids that single point of failure.
  # NOTE(review): 'ttl-limit' looks like a parameter of the 'ttl' test type;
  # confirm it has any effect with type 'ping'.
  59. set load-balancing wan interface-health eth0.2 failure-count '3'
  60. set load-balancing wan interface-health eth0.2 nexthop 'dhcp'
  61. set load-balancing wan interface-health eth0.2 success-count '1'
  62. set load-balancing wan interface-health eth0.2 test 10 resp-time '5'
  63. set load-balancing wan interface-health eth0.2 test 10 target 'xxx.xxx.8.8'
  64. set load-balancing wan interface-health eth0.2 test 10 ttl-limit '1'
  65. set load-balancing wan interface-health eth0.2 test 10 type 'ping'
  66. set load-balancing wan interface-health eth1.300 failure-count '3'
  67. set load-balancing wan interface-health eth1.300 nexthop 'dhcp'
  68. set load-balancing wan interface-health eth1.300 success-count '1'
  69. set load-balancing wan interface-health eth1.300 test 10 resp-time '5'
  70. set load-balancing wan interface-health eth1.300 test 10 target 'xxx.xxx.8.8'
  71. set load-balancing wan interface-health eth1.300 test 10 ttl-limit '1'
  72. set load-balancing wan interface-health eth1.300 test 10 type 'ping'
  # Balancing rules, one per inbound VLAN. Rule 10 (LAN, eth0.10) weights
  # eth1.300 ten times higher than eth0.2; rules 15-17 (Server, IOT WLAN, Guest
  # WLAN) split evenly. The VPN (eth0.8), Storage (eth0.9) and untagged
  # Management networks have no rule in this paste.
  73. set load-balancing wan rule 10 inbound-interface 'eth0.10'
  74. set load-balancing wan rule 10 interface eth0.2 weight '1'
  75. set load-balancing wan rule 10 interface eth1.300 weight '10'
  76. set load-balancing wan rule 10 protocol 'all'
  77. set load-balancing wan rule 15 inbound-interface 'eth0.5'
  78. set load-balancing wan rule 15 interface eth0.2 weight '1'
  79. set load-balancing wan rule 15 interface eth1.300 weight '1'
  80. set load-balancing wan rule 15 protocol 'all'
  81. set load-balancing wan rule 16 inbound-interface 'eth0.12'
  82. set load-balancing wan rule 16 interface eth0.2 weight '1'
  83. set load-balancing wan rule 16 interface eth1.300 weight '1'
  84. set load-balancing wan rule 16 protocol 'all'
  85. set load-balancing wan rule 17 inbound-interface 'eth0.13'
  86. set load-balancing wan rule 17 interface eth0.2 weight '1'
  87. set load-balancing wan rule 17 interface eth1.300 weight '1'
  88. set load-balancing wan rule 17 protocol 'all'
  # Presumably keeps replies to connections that arrived on one uplink on that
  # same uplink, which the port forwards rely on in a dual-WAN setup; confirm.
  89. set load-balancing wan sticky-connections inbound
  # Destination NAT (port forwards). Rules 100-103 apply to the eth1.300 uplink
  # and rules 200-203 repeat the same forwards for the eth0.2 uplink.
  # Targets are two hosts on the Server Network (.5.251 and .5.254).
  # NOTE(review): these hosts are Internet-facing, and no firewall ruleset
  # separates the Server Network from the other internal VLANs in this paste, so
  # a compromise of either host gives routed access to LAN, Storage and
  # Management. Treat the Server Network as a DMZ and filter its outbound access
  # to the other segments.
  # NOTE(review): the two sets of rules disagree on protocol: 101 and 103 use
  # 'tcp' but 201 and 203 use 'tcp_udp' for the same services. SSH and plain HTTP
  # need TCP only; forwarding UDP as well is unnecessary exposure.
  90. set nat destination rule 100 description 'Transmission Daemon'
  91. set nat destination rule 100 destination port '51413'
  92. set nat destination rule 100 inbound-interface 'eth1.300'
  93. set nat destination rule 100 protocol 'tcp_udp'
  94. set nat destination rule 100 translation address 'xxx.xxx.5.251'
  95. set nat destination rule 100 translation port '51413'
  # NOTE(review): SSH on port 22 is forwarded from the Internet with no source
  # address restriction in this rule. Limit the allowed sources if possible, and
  # make sure the target host accepts key-based logins only.
  96. set nat destination rule 101 description 'SSH to Senko'
  97. set nat destination rule 101 destination port '22'
  98. set nat destination rule 101 inbound-interface 'eth1.300'
  99. set nat destination rule 101 protocol 'tcp'
  100. set nat destination rule 101 translation address 'xxx.xxx.5.254'
  101. set nat destination rule 101 translation port '22'
  102. set nat destination rule 102 description 'HTTPS to Senko'
  103. set nat destination rule 102 destination port '443'
  104. set nat destination rule 102 inbound-interface 'eth1.300'
  105. set nat destination rule 102 protocol 'tcp_udp'
  106. set nat destination rule 102 translation address 'xxx.xxx.5.254'
  107. set nat destination rule 102 translation port '443'
  108. set nat destination rule 103 description 'HTTP to Senko'
  109. set nat destination rule 103 destination port '80'
  110. set nat destination rule 103 inbound-interface 'eth1.300'
  111. set nat destination rule 103 protocol 'tcp'
  112. set nat destination rule 103 translation address 'xxx.xxx.5.254'
  113. set nat destination rule 103 translation port '80'
  # Same forwards again for the eth0.2 uplink.
  114. set nat destination rule 200 description 'Transmission Daemon'
  115. set nat destination rule 200 destination port '51413'
  116. set nat destination rule 200 inbound-interface 'eth0.2'
  117. set nat destination rule 200 protocol 'tcp_udp'
  118. set nat destination rule 200 translation address 'xxx.xxx.5.251'
  119. set nat destination rule 200 translation port '51413'
  # NOTE(review): SSH forwarded with 'tcp_udp'; 'tcp' is sufficient (compare rule 101).
  120. set nat destination rule 201 description 'SSH to Senko'
  121. set nat destination rule 201 destination port '22'
  122. set nat destination rule 201 inbound-interface 'eth0.2'
  123. set nat destination rule 201 protocol 'tcp_udp'
  124. set nat destination rule 201 translation address 'xxx.xxx.5.254'
  125. set nat destination rule 201 translation port '22'
  126. set nat destination rule 202 description 'HTTPS to Senko'
  127. set nat destination rule 202 destination port '443'
  128. set nat destination rule 202 inbound-interface 'eth0.2'
  129. set nat destination rule 202 protocol 'tcp_udp'
  130. set nat destination rule 202 translation address 'xxx.xxx.5.254'
  131. set nat destination rule 202 translation port '443'
  # NOTE(review): HTTP forwarded with 'tcp_udp'; 'tcp' is sufficient (compare rule 103).
  132. set nat destination rule 203 description 'HTTP to Senko'
  133. set nat destination rule 203 destination port '80'
  134. set nat destination rule 203 inbound-interface 'eth0.2'
  135. set nat destination rule 203 protocol 'tcp_udp'
  136. set nat destination rule 203 translation address 'xxx.xxx.5.254'
  137. set nat destination rule 203 translation port '80'
  # Source NAT: masquerade internal subnets behind whichever uplink they leave
  # on. Rules 105-113 cover eth1.300 and rules 205-213 cover eth0.2.
  # NOTE(review): coverage differs per uplink. The VPN subnet (.8.0/24) is
  # masqueraded on eth1.300 only (no rule 208), and the Storage (.9.0/24) and
  # Management (.1.0/24) subnets have no source NAT rule at all. That is
  # presumably deliberate (no Internet access for those segments), but NAT rules
  # are not an access control: enforce it with firewall rulesets rather than by
  # the absence of a masquerade rule.
  138. set nat source rule 105 outbound-interface 'eth1.300'
  139. set nat source rule 105 source address 'xxx.xxx.5.0/24'
  140. set nat source rule 105 translation address 'masquerade'
  141. set nat source rule 108 outbound-interface 'eth1.300'
  142. set nat source rule 108 source address 'xxx.xxx.8.0/24'
  143. set nat source rule 108 translation address 'masquerade'
  144. set nat source rule 110 outbound-interface 'eth1.300'
  145. set nat source rule 110 source address 'xxx.xxx.10.0/24'
  146. set nat source rule 110 translation address 'masquerade'
  147. set nat source rule 112 outbound-interface 'eth1.300'
  148. set nat source rule 112 source address 'xxx.xxx.12.0/24'
  149. set nat source rule 112 translation address 'masquerade'
  150. set nat source rule 113 outbound-interface 'eth1.300'
  151. set nat source rule 113 source address 'xxx.xxx.13.0/24'
  152. set nat source rule 113 translation address 'masquerade'
  153. set nat source rule 205 outbound-interface 'eth0.2'
  154. set nat source rule 205 source address 'xxx.xxx.5.0/24'
  155. set nat source rule 205 translation address 'masquerade'
  156. set nat source rule 210 outbound-interface 'eth0.2'
  157. set nat source rule 210 source address 'xxx.xxx.10.0/24'
  158. set nat source rule 210 translation address 'masquerade'
  159. set nat source rule 212 outbound-interface 'eth0.2'
  160. set nat source rule 212 source address 'xxx.xxx.12.0/24'
  161. set nat source rule 212 translation address 'masquerade'
  162. set nat source rule 213 outbound-interface 'eth0.2'
  163. set nat source rule 213 source address 'xxx.xxx.13.0/24'
  164. set nat source rule 213 translation address 'masquerade'
  # IPv6 default route out through the tunnel interface tun0.
  165. set protocols static interface-route6 ::/0 next-hop-interface tun0
  # DHCP server: three scopes, for the Guest WLAN (.13.0/24), IOT WLAN
  # (.12.0/24) and LAN (.10.0/24) subnets, each with a one-day lease (86400 s).
  # The shared-network names were all redacted to the same placeholder, so the
  # three scopes would collapse into one if these lines were re-applied as
  # pasted.
  # NOTE(review): every scope, including Guest and IoT, hands out a DNS server on
  # the Server Network (.5.3). When adding isolation rules for those segments,
  # permit DNS to that one host only rather than leaving the whole Server
  # Network reachable.
  166. set service dhcp-server shared-network-name xxxxxx authoritative
  167. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.13.0/24 default-router 'xxx.xxx.13.1'
  168. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.13.0/24 dns-server 'xxx.xxx.5.3'
  169. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.13.0/24 lease '86400'
  170. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.13.0/24 range 0 start 'xxx.xxx.13.2'
  171. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.13.0/24 range 0 stop 'xxx.xxx.13.253'
  172. set service dhcp-server shared-network-name xxxxxx authoritative
  173. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/24 default-router 'xxx.xxx.12.1'
  174. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/24 dns-server 'xxx.xxx.5.3'
  175. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/24 lease '86400'
  176. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/24 range 0 start 'xxx.xxx.12.2'
  177. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/24 range 0 stop 'xxx.xxx.12.253'
  178. set service dhcp-server shared-network-name xxxxxx authoritative
  179. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 default-router 'xxx.xxx.10.1'
  180. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 dns-server 'xxx.xxx.5.3'
  181. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 lease '86400'
  182. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 start 'xxx.xxx.10.2'
  183. set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 stop 'xxx.xxx.10.254'
  # Management services on the router: SNMPv3 (read-only group, one user with
  # SHA authentication and AES privacy) and SSH.
  # NOTE(review): no SNMP listen-address appears in this paste, so the agent
  # presumably answers on every router address; confirm. The 'default' view
  # covers OID 1, i.e. the whole tree; narrow it if the monitoring system only
  # needs part of it.
  184. set service snmp location xxxxxx
  185. set service snmp v3 engineid '0001'
  186. set service snmp v3 group default mode 'ro'
  187. set service snmp v3 group default view 'default'
  188. set service snmp v3 user xxxxxx auth encrypted-password xxxxxx
  189. set service snmp v3 user xxxxxx auth type 'sha'
  190. set service snmp v3 user xxxxxx group 'default'
  191. set service snmp v3 user xxxxxx privacy encrypted-password xxxxxx
  192. set service snmp v3 user xxxxxx privacy type 'aes'
  193. set service snmp v3 view default oid 1
  # NOTE(review): listen-address binds SSH to the Management IP, but that limits
  # the destination address, not where clients come from. No firewall ruleset is
  # attached to the internal vifs in this paste, so a host on the Guest or IoT
  # VLAN can presumably still route to this address. Add a 'local' ruleset on
  # those vifs if SSH should be reachable from the Management network only.
  # Nothing in this paste disables password logins for SSH; confirm whether
  # key-only authentication is enforced.
  194. set service ssh listen-address 'xxx.xxx.1.1'
  195. set service ssh port '22'
  # System settings: config revision history, serial console, hostname, login
  # user, DNS resolvers, NTP servers and syslog levels.
  196. set system config-management commit-revisions '100'
  197. set system console device ttyS0 speed '115200'
  198. set system host-name xxxxxx
  # NOTE(review): the login user carries both an encrypted-password and a
  # plaintext-password node; both values are redacted here. Password hashes are
  # secrets too, so check that both nodes are masked before sharing a config,
  # and verify on the device that no cleartext password is stored.
  199. set system login user xxxxxx authentication encrypted-password xxxxxx
  200. set system login user xxxxxx authentication plaintext-password xxxxxx
  # Resolvers: one on the Server Network (.5.3), two static IPv6 servers, plus
  # whatever the eth1.300 DHCP lease supplies.
  201. set system name-server 'xxx.xxx.5.3'
  202. set system name-server 'xxxx:xxxx:4700::1111'
  203. set system name-server 'xxxx:xxxx:4700::1001'
  204. set system name-servers-dhcp 'eth1.300'
  205. set system ntp server xxxxx.tld
  206. set system ntp server xxxxx.tld
  207. set system ntp server xxxxx.tld
  # NOTE(review): only local syslog facilities are configured in this paste; no
  # remote syslog host is set. Logs kept only on the router are lost or can be
  # altered if the device is compromised, so forward them to a separate
  # collector. 'protocols' at debug level is verbose; confirm it is still needed.
  208. set system syslog global facility all level 'info'
  209. set system syslog global facility protocols level 'debug'