
Untitled

a guest
Jun 4th, 2020
  /* Firewall section of what appears to be an EdgeOS/Vyatta-style router configuration,
     pasted with list numbering in front of every line. It defines four rulesets
     (WANv6_IN, WANv6_LOCAL, WAN_IN, WAN_LOCAL), each with default-action drop, plus global options. */
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  /* IPv6 traffic arriving from the WAN for hosts behind the router ("naar" is Dutch for "to"). */
  4. ipv6-name WANv6_IN {
  5. default-action drop
  6. description "WAN IPv6 naar LAN"
  7. rule 10 {
  8. action accept
  9. description "Allow established/related"
  10. state {
  11. established enable
  12. related enable
  13. }
  14. }
  15. rule 20 {
  16. action drop
  17. description "Drop invalid state"
  18. state {
  19. invalid enable
  20. }
  21. }
  /* Despite the broad description, only ICMPv6 echo-request is accepted here; any other
     new ICMPv6 type towards LAN hosts falls through to the default drop. */
  22. rule 30 {
  23. action accept
  24. description "Allow IPv6 icmp"
  25. icmpv6 {
  26. type echo-request
  27. }
  28. protocol ipv6-icmp
  29. }
  30. }
  /* IPv6 traffic addressed to the router itself. */
  31. ipv6-name WANv6_LOCAL {
  32. default-action drop
  33. description "WAN IPv6 naar Router"
  34. rule 10 {
  35. action accept
  36. description "Allow established/related"
  37. state {
  38. established enable
  39. related enable
  40. }
  41. }
  42. rule 20 {
  43. action drop
  44. description "Drop invalid state"
  45. state {
  46. invalid enable
  47. }
  48. }
  /* Accepts every ICMPv6 type to the router, with no type filter and no rate limit.
     NOTE(review): neighbour discovery on the WAN link needs ICMPv6, but consider
     rate-limiting echo-request so the router cannot be kept busy answering pings. */
  49. rule 30 {
  50. action accept
  51. description "Allow IPv6 icmp"
  52. protocol ipv6-icmp
  53. }
  /* DHCPv6 replies: UDP from server port 547 to client port 546. The rule has no source
     address restriction. Presumably needed for the dhcpv6-pd client configured on pppoe 0. */
  54. rule 40 {
  55. action accept
  56. description "Allow dhcpv6"
  57. destination {
  58. port 546
  59. }
  60. protocol udp
  61. source {
  62. port 547
  63. }
  64. }
  65. }
  /* Global hardening: ICMP redirects are not accepted, source-routed packets are refused,
     and packets with impossible source addresses are logged. */
  66. ipv6-receive-redirects disable
  67. ipv6-src-route disable
  68. ip-src-route disable
  69. log-martians enable
  /* IPv4 traffic arriving from the WAN for hosts behind the router.
     NOTE(review): rules 20-60 accept new connections to ports 27015, 9987, 80 and 443 with no
     destination address, both TCP and UDP, and with logging disabled. Narrow each rule to the
     forwarded host and to the protocol the service actually uses.
     NOTE(review): the port-forward section of this configuration has auto-firewall enable,
     which presumably already opens the forwarded ports; if so these manual accepts are
     redundant - confirm and remove the duplicates.
     NOTE(review): no enable-default-log is set, so packets hitting the default drop leave no trace. */
  70. name WAN_IN {
  71. default-action drop
  72. description "WAN naar LAN"
  73. rule 10 {
  74. action accept
  75. description "Allow established/related"
  76. log disable
  77. state {
  78. established enable
  79. related enable
  80. }
  81. }
  82. rule 20 {
  83. action accept
  84. description "Allow 27015 traffic"
  85. destination {
  86. port 27015
  87. }
  88. log disable
  89. protocol tcp_udp
  90. }
  91. rule 40 {
  92. action accept
  93. description "Allow 9987 teamspeak"
  94. destination {
  95. port 9987
  96. }
  97. log disable
  98. protocol tcp_udp
  99. }
  100. rule 50 {
  101. action accept
  102. description "Allow 80 traffic"
  103. destination {
  104. port 80
  105. }
  106. log disable
  107. protocol tcp_udp
  108. }
  109. rule 60 {
  110. action accept
  111. description "Allow 443"
  112. destination {
  113. port 443
  114. }
  115. log disable
  116. protocol tcp_udp
  117. }
  /* NOTE(review): rules are evaluated in ascending number order, so this drop sits behind the
     port accepts above. An invalid-state packet to one of those ports is accepted by rules 20-60
     before it ever reaches rule 70. The other three rulesets place the invalid drop at rule 20,
     directly after established/related; do the same here by renumbering the port accepts after it. */
  118. rule 70 {
  119. action drop
  120. description "Drop invalid state"
  121. state {
  122. invalid enable
  123. }
  124. }
  125. }
  /* IPv4 traffic addressed to the router itself. No rule accepts new connections, so the
     router's own services are not reachable over IPv4 through any interface this ruleset is
     attached to. In this listing that is only pppoe 0; eth0 vif 4 carries no firewall block. */
  126. name WAN_LOCAL {
  127. default-action drop
  128. description "WAN naar Router"
  129. rule 10 {
  130. action accept
  131. description "Allow established/related"
  132. log disable
  133. state {
  134. established enable
  135. invalid disable
  136. new disable
  137. related enable
  138. }
  139. }
  140. rule 20 {
  141. action drop
  142. description "Drop invalid state"
  143. state {
  144. established disable
  145. invalid enable
  146. new disable
  147. related disable
  148. }
  149. }
  150. }
  /* Clamps the TCP MSS to 1412 on all interface types. */
  151. options {
  152. mss-clamp {
  153. interface-type all
  154. mss 1412
  155. }
  156. }
  157. receive-redirects disable
  158. send-redirects enable
  /* NOTE(review): source-validation disable turns off reverse-path checking of source
     addresses. This may be deliberate because two upstream interfaces are in use (eth0.4 and
     pppoe0); confirm whether the loose mode would work so spoofed sources are still rejected. */
  159. source-validation disable
  160. syn-cookies enable
  161. }
  /* Interface definitions. eth0 is the fibre uplink carrying two VLANs: vif 4 (IPTV, address
     by DHCP) and vif 6 (internet over PPPoE). eth1-eth9 are members of the LAN switch switch0. */
  162. interfaces {
  163. ethernet eth0 {
  164. description FTTH
  165. duplex auto
  166. speed auto
  /* NOTE(review): this vif has no firewall { in / local } block, unlike pppoe 0 below, so no
     ruleset in this listing filters traffic arriving on eth0.4. Router services that are not
     bound to a specific interface (ssh, telnet and gui in the service section) would presumably
     answer on this VLAN - confirm, and attach drop-by-default rulesets here as well. */
  167. vif 4 {
  168. address dhcp
  169. description "KPN IPTV"
  170. dhcp-options {
  /* The two client-option values below are each split over two numbered lines; this looks
     like line wrapping from the terminal or paste, not part of the configuration. Rejoin
     them before reusing this text. */
  171. client-option "send vendor-class-identifier "IPTV_RG";
  172. "
  173. client-option "request subnet-mask, routers, rfc3442-classless-s
  174. tatic-routes;"
  175. default-route no-update
  176. default-route-distance 210
  177. name-server update
  178. }
  179. mtu 1500
  180. }
  181. vif 6 {
  182. description "KPN Internet"
  183. pppoe 0 {
  184. default-route auto
  /* Requests a delegated /48 and hands out a SLAAC prefix on the LAN.
     NOTE(review): eth1 and switch0 both use prefix-id :1, and eth1 is also listed as a
     switch0 member port further down; the eth1 entry looks like a leftover - confirm. */
  185. dhcpv6-pd {
  186. no-dns
  187. pd 0 {
  188. interface eth1 {
  189. prefix-id :1
  190. service slaac
  191. }
  192. interface switch0 {
  193. host-address ::1
  194. prefix-id :1
  195. service slaac
  196. }
  197. prefix-length /48
  198. }
  199. rapid-commit disable
  200. }
  /* Attaches the WAN rulesets to the PPPoE session: "in" filters traffic forwarded to the
     LAN, "local" filters traffic addressed to the router. */
  201. firewall {
  202. in {
  203. ipv6-name WANv6_IN
  204. name WAN_IN
  205. }
  206. local {
  207. ipv6-name WANv6_LOCAL
  208. name WAN_LOCAL
  209. }
  210. }
  211. idle-timeout 180
  212. ipv6 {
  213. address {
  214. autoconf
  215. }
  216. dup-addr-detect-transmits 1
  217. enable {
  218. }
  219. }
  220. mtu 1500
  221. name-server auto
  /* The password is masked in this listing but the user-id is not.
     NOTE(review): the user-id has the shape of a hardware address; mask it too when
     sharing a configuration publicly. */
  222. password ****************
  223. user-id 74-83-c2-72-b2-e7@internet
  224. }
  225. }
  226. }
  /* LAN ports. Descriptions are Dutch: "Poort" = port, "woonkamer" = living room,
     "verdieping" = floor, "ontvanger" = receiver. */
  227. ethernet eth1 {
  228. description "Poort 1 TV ontvanger"
  229. duplex auto
  230. speed auto
  231. }
  232. ethernet eth2 {
  233. description "Poort 2 TV woonkamer"
  234. duplex auto
  235. speed auto
  236. }
  237. ethernet eth3 {
  238. description "Poort 3 gaming pc woonkamer"
  239. duplex auto
  240. speed auto
  241. }
  242. ethernet eth4 {
  243. description "Poort 4 Accesspoint woonkamer"
  244. duplex auto
  245. speed auto
  246. }
  247. ethernet eth5 {
  248. description "Poort 5 uplink 2e verdieping switcdh"
  249. duplex auto
  250. speed auto
  251. }
  252. ethernet eth6 {
  253. duplex auto
  254. speed auto
  255. }
  256. ethernet eth7 {
  257. duplex auto
  258. speed auto
  259. }
  260. ethernet eth8 {
  261. duplex auto
  262. speed auto
  263. }
  264. ethernet eth9 {
  265. description "Poort 9 Accesspoint 2de verdieping"
  266. duplex auto
  267. poe {
  268. output off
  269. }
  270. speed auto
  271. }
  272. loopback lo {
  273. }
  /* The LAN ("Thuis netwerk" = home network): one IPv4 subnet, 192.168.178.0/24, with the
     router at .254. With vlan-aware disable and all nine ports as members, every wired device
     and both access points share a single layer-2 segment.
     NOTE(review): the port-forward section exposes a host on this same subnet to the internet;
     placing that host on its own VLAN with a restrictive ruleset towards the LAN would limit
     what a compromise of it can reach. */
  274. switch switch0 {
  275. address 192.168.178.254/24
  276. description "Thuis netwerk"
  277. ipv6 {
  278. dup-addr-detect-transmits 1
  /* Router advertisements for SLAAC on the LAN; the two DNS servers are announced both via
     name-server and via the raw radvd-options RDNSS line. */
  279. router-advert {
  280. cur-hop-limit 64
  281. link-mtu 0
  282. managed-flag false
  283. max-interval 600
  284. name-server 2a02:a47f:e000::53
  285. name-server 2a02:a47f:e000::54
  286. other-config-flag false
  287. prefix ::/64 {
  288. autonomous-flag true
  289. on-link-flag true
  290. valid-lifetime 2592000
  291. }
  292. radvd-options "RDNSS 2a02:a47f:e000::53 2a02:a47f:e000::54 {};"
  293. reachable-time 0
  294. retrans-timer 0
  295. send-advert true
  296. }
  297. }
  298. mtu 1500
  299. switch-port {
  300. interface eth1 {
  301. }
  302. interface eth2 {
  303. }
  304. interface eth3 {
  305. }
  306. interface eth4 {
  307. }
  308. interface eth5 {
  309. }
  310. interface eth6 {
  311. }
  312. interface eth7 {
  313. }
  314. interface eth8 {
  315. }
  316. interface eth9 {
  317. }
  318. vlan-aware disable
  319. }
  320. }
  321. }
  /* Inbound port forwards from pppoe0 to one LAN host, 192.168.178.10. Five services are
     exposed: 27015, 9987, 80, 443 and 21, every one as tcp_udp.
     auto-firewall enable presumably adds the matching firewall accepts automatically, and
     hairpin-nat lets LAN clients reach the forwards through the WAN address.
     NOTE(review): each rule forwards both TCP and UDP; restrict each to the protocol the
     service really uses so the unused one is not exposed.
     NOTE(review): all exposed services live on a single host inside the main LAN subnet, so a
     flaw in any one of them gives a foothold on the home network. Consider moving the host to
     a separate VLAN and keeping its software patched. */
  322. port-forward {
  323. auto-firewall enable
  324. hairpin-nat enable
  325. lan-interface switch0
  326. rule 1 {
  327. description "CSGO server S01"
  328. forward-to {
  329. address 192.168.178.10
  330. port 27015
  331. }
  332. original-port 27015
  333. protocol tcp_udp
  334. }
  335. rule 2 {
  336. description "TeamSpeak server S01"
  337. forward-to {
  338. address 192.168.178.10
  339. port 9987
  340. }
  341. original-port 9987
  342. protocol tcp_udp
  343. }
  344. rule 3 {
  345. description "http s01"
  346. forward-to {
  347. address 192.168.178.10
  348. port 80
  349. }
  350. original-port 80
  351. protocol tcp_udp
  352. }
  353. rule 4 {
  354. description "https s01"
  355. forward-to {
  356. address 192.168.178.10
  357. port 443
  358. }
  359. original-port 443
  360. protocol tcp_udp
  361. }
  /* NOTE(review): plain FTP sends the login and the data unencrypted. If file transfer from
     the internet is needed, prefer an encrypted alternative (SFTP or FTPS) or limit the
     allowed source addresses. WAN_IN has no manual rule for port 21, so this forward depends
     on auto-firewall for its accept. */
  362. rule 5 {
  363. description ftp
  364. forward-to {
  365. address 192.168.178.10
  366. port 21
  367. }
  368. original-port 21
  369. protocol tcp_udp
  370. }
  371. wan-interface pppoe0
  372. }
  /* Routing protocols: an IGMP proxy relaying multicast between the IPTV VLAN (eth0.4,
     upstream) and the LAN (switch0, downstream), and a static IPv6 default route via pppoe0. */
  373. protocols {
  374. igmp-proxy {
  /* NOTE(review): alt-subnet 0.0.0.0/0 accepts multicast sources from any address on this
     interface. The IPTV NAT rule in the service section names 213.75.112.0/21 as the
     provider range; confirm whether the proxy can be narrowed to the provider's ranges. */
  375. interface eth0.4 {
  376. alt-subnet 0.0.0.0/0
  377. role upstream
  378. threshold 1
  379. }
  380. interface switch0 {
  381. alt-subnet 0.0.0.0/0
  382. role downstream
  383. threshold 1
  384. }
  385. }
  386. static {
  387. interface-route6 ::/0 {
  388. next-hop-interface pppoe0 {
  389. }
  390. }
  391. }
  392. }
  /* Services run by the router itself: DHCP, DNS forwarding, web UI, NAT, SSH, Telnet,
     UNMS management and UPnP. None of ssh, telnet or gui is bound to a listen address here,
     so which networks can reach them depends entirely on the firewall rulesets attached to
     each interface. */
  393. service {
  /* DHCP for the LAN: pool .50-.199, router at .254, clients are given the two 195.121.1.x
     resolvers directly rather than the router's own forwarder. */
  394. dhcp-server {
  395. disabled false
  396. global-parameters "option vendor-class-identifier code 60 = string;"
  397. global-parameters "option broadcast-address code 28 = ip-address;"
  398. hostfile-update disable
  399. shared-network-name Thuis-Mark {
  400. authoritative disable
  401. subnet 192.168.178.0/24 {
  402. default-router 192.168.178.254
  403. dns-server 195.121.1.34
  404. dns-server 195.121.1.66
  405. lease 86400
  406. start 192.168.178.50 {
  407. stop 192.168.178.199
  408. }
  409. }
  410. }
  411. static-arp disable
  412. use-dnsmasq enable
  413. }
  414. dns {
  415. forwarding {
  416. cache-size 4000
  417. listen-on switch0
  418. name-server 195.121.1.34
  419. name-server 195.121.1.66
  420. name-server 2a02:a47f:e000::53
  421. name-server 2a02:a47f:e000::54
  /* NOTE(review): 192.168.2.254 matches no interface address in this listing (switch0 is
     192.168.178.254/24). It looks like a leftover from an earlier subnet; confirm and remove
     it, since it asks the forwarder to listen on an address the router does not appear to own. */
  422. options listen-address=192.168.2.254
  423. }
  424. }
  /* Web administration UI on ports 80 and 443.
     NOTE(review): older-ciphers enable keeps legacy TLS cipher suites available; disable it
     unless a client that cannot negotiate modern ciphers must still log in. */
  425. gui {
  426. http-port 80
  427. https-port 443
  428. older-ciphers enable
  429. }
  430. nat {
  /* Source NAT for LAN traffic to the IPTV provider range, leaving via the IPTV VLAN. */
  431. rule 5000 {
  432. description IPTV
  433. destination {
  434. address 213.75.112.0/21
  435. }
  436. log disable
  437. outbound-interface eth0.4
  438. protocol all
  439. source {
  440. address 192.168.178.0/24
  441. }
  442. type masquerade
  443. }
  /* Source NAT for everything leaving via pppoe0; no source restriction, logging enabled. */
  444. rule 5010 {
  445. description Internet
  446. log enable
  447. outbound-interface pppoe0
  448. protocol all
  449. type masquerade
  450. }
  451. }
  452. ssh {
  453. port 22
  454. protocol-version v2
  455. }
  /* NOTE(review): Telnet carries the administrator login and the whole session in clear
     text. SSH is already enabled directly above, so this node can be removed. */
  456. telnet {
  457. port 23
  458. }
  /* Remote management link to a UNMS controller. The connection value is split over two
     numbered lines, which looks like paste wrapping rather than configuration.
     NOTE(review): the string carries what appears to be this device's UNMS key in clear text.
     A key that has been shared publicly should be treated as exposed: regenerate it on the
     controller and mask it in any future copy of the configuration.
     NOTE(review): the trailing allowUntrustedCertificate option, going by its name, lets the
     router accept a controller certificate it cannot verify. Remove it once the controller
     presents a certificate the router trusts, so the management channel is authenticated. */
  459. unms {
  460. connection wss://fuuv.unmsapp.com:443+csIifnmNaIEBrKKq13NBGRPGgCRE1gHapp
  461. ecmRlYDaYAAAAA+allowUntrustedCertificate
  462. }
  /* NOTE(review): UPnP lets any device on switch0 ask for inbound port mappings on pppoe0
     without authentication. Disable it if nothing depends on it, or restrict which hosts and
     ports may be mapped; the manual port-forward rules already cover the known servers. */
  463. upnp {
  464. listen-on switch0 {
  465. outbound-interface pppoe0
  466. }
  467. }
  468. }
  /* System-wide settings: connection tracking sizes, host identity, the single login
     account, resolver, NTP servers, hardware offload, logging and traffic analysis. */
  469. system {
  470. conntrack {
  471. expect-table-size 2048
  472. hash-size 32768
  473. modules {
  474. sip {
  475. disable
  476. }
  477. }
  478. table-size 262144
  479. }
  480. domain-name thuis.local
  481. host-name Thuis
  /* One account, named admin, with admin level. Both password fields are masked in this
     listing.
     NOTE(review): keep the password hash masked in shared copies as well, since a published
     hash can be attacked offline. With SSH enabled, consider public-key login for this
     account and a long, unique password. */
  482. login {
  483. user admin {
  484. authentication {
  485. encrypted-password ****************
  486. plaintext-password ****************
  487. }
  488. level admin
  489. }
  490. }
  /* The router resolves names through its own local forwarder. */
  491. name-server 127.0.0.1
  492. ntp {
  493. server 0.nl.pool.ntp.org {
  494. }
  495. server 1.nl.pool.ntp.org {
  496. }
  497. server ntp0.nl.net {
  498. }
  499. server ntp1.nl.net {
  500. }
  501. server time.kpn.net {
  502. }
  503. }
  504. offload {
  505. hwnat enable
  506. ipsec enable
  507. }
  /* Logging: notice level for all facilities, debug for the protocols facility. No remote
     host target appears in this listing, so logs stay on the router only.
     NOTE(review): forwarding to a remote collector keeps a copy that survives a reset or
     tampering on the device, which matters here because several services are exposed. */
  508. syslog {
  509. global {
  510. facility all {
  511. level notice
  512. }
  513. facility protocols {
  514. level debug
  515. }
  516. }
  517. }
  518. time-zone Europe/Amsterdam
  519. traffic-analysis {
  520. dpi enable
  521. export enable
  522. }
  523. }
  524. admin@Thuis:~$ H