Created
June 11, 2016 13:58
/* Global firewall options followed by three IPv4 rulesets (Internet, Local, VoIP). */
/* No ipv6-name ruleset is defined anywhere in this section. */
firewall { | |
all-ping enable | |
broadcast-ping disable | |
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
/* Internet: default drop; referenced as the "in" ruleset on eth0 in the interfaces section. */
name Internet { | |
default-action drop | |
description "Incoming Connections" | |
/* Rule 1 accepts only packets in the "established" state. "related" is disabled, */
/* so related packets (e.g. ICMP errors tied to an existing flow) fall through to the drops below. */
/* log enable is set on this accept rule -- NOTE(review): presumably noisy, confirm it is intended. */
rule 1 { | |
action accept | |
description Established | |
log enable | |
protocol all | |
state { | |
established enable | |
invalid disable | |
new disable | |
related disable | |
} | |
} | |
/* Rules 2 and 3 drop packets with RFC 1918 sources 192.168.0.0/16 and 10.0.0.0/8; */
/* 172.16.0.0/12 is not listed. Rule 1 is evaluated first and default-action is already drop, */
/* so these two rules do not change the verdict for any packet; they only state the intent. */
rule 2 { | |
action drop | |
description Private | |
log disable | |
protocol all | |
source { | |
address 192.168.0.0/16 | |
} | |
} | |
rule 3 { | |
action drop | |
description Private | |
log disable | |
protocol all | |
source { | |
address 10.0.0.0/8 | |
} | |
} | |
} | |
/* Local: default drop; referenced as the "local" ruleset on eth0 (traffic addressed to the router). */
/* Only the two tunnel-broker exceptions are accepted. There is no established/related accept rule, */
/* so replies to connections the router itself opens via eth0 would presumably be dropped -- */
/* NOTE(review): confirm against observed NTP/DNS behaviour. */
name Local { | |
default-action drop | |
description Router | |
/* ICMP from a single tunnel-broker address. */
rule 1 { | |
action accept | |
description "HE Tunnel broker exception" | |
log disable | |
protocol icmp | |
source { | |
address 66.220.2.74 | |
} | |
} | |
/* IP protocol 41 (IPv6 encapsulated in IPv4) from the address used as remote-ip on tun0. */
rule 2 { | |
action accept | |
description "HE Tunnel broker exception" | |
log disable | |
protocol 41 | |
source { | |
address 209.51.161.14 | |
} | |
} | |
} | |
/* VoIP: default ACCEPT, with logging of packets that reach the default action. */
/* Referenced only as the "in" ruleset on eth2; no "local" ruleset is attached to eth2, */
/* so this ruleset presumably does not restrict access from that segment to the router's own services. */
name VoIP { | |
default-action accept | |
description "" | |
enable-default-log | |
/* Traffic that stays inside 192.168.2.0/24 is accepted before the private-range drops. */
rule 1 { | |
action accept | |
description Local | |
destination { | |
address 192.168.2.0/24 | |
} | |
log disable | |
protocol all | |
source { | |
address 192.168.2.0/24 | |
} | |
} | |
/* Drops anything destined to 192.168.0.0/16; the source block is empty, so any source matches. */
rule 2 { | |
action drop | |
description Private | |
destination { | |
address 192.168.0.0/16 | |
} | |
log enable | |
protocol all | |
source { | |
} | |
} | |
/* Drops anything destined to 10.0.0.0/8. 172.16.0.0/12 is not covered by rules 2-3, */
/* so traffic to that range reaches the default accept. */
rule 3 { | |
action drop | |
description Private | |
destination { | |
address 10.0.0.0/8 | |
} | |
log enable | |
protocol all | |
} | |
} | |
receive-redirects disable | |
send-redirects enable | |
/* source-validation disable: no reverse-path check on source addresses; */
/* anti-spoofing in this config rests on the explicit source-address rules above. */
source-validation disable | |
syn-cookies enable | |
} | |
/* Interfaces: eth0 (DHCP uplink), eth1 and eth2 (two internal /24 segments), lo, and a sit tunnel tun0. */
interfaces { | |
/* eth0 takes its address by DHCP and is the only interface with both "in" and "local" rulesets. */
ethernet eth0 { | |
address dhcp | |
duplex auto | |
firewall { | |
in { | |
name Internet | |
} | |
local { | |
name Local | |
} | |
} | |
speed auto | |
} | |
/* eth1 has no firewall block. It advertises the /64 below with autonomous-flag true, */
/* so hosts on this segment can autoconfigure global IPv6 addresses from the prefix. */
/* The IPv6 prefix is already redacted by the author (xxxx:yyyy:zzzz). */
ethernet eth1 { | |
address 192.168.1.1/24 | |
address xxxx:yyyy:zzzz:::1/64 | |
duplex auto | |
ipv6 { | |
dup-addr-detect-transmits 1 | |
router-advert { | |
cur-hop-limit 64 | |
link-mtu 0 | |
managed-flag false | |
max-interval 300 | |
other-config-flag false | |
prefix xxxx:yyyy:zzzz::/64 { | |
autonomous-flag true | |
on-link-flag true | |
valid-lifetime 2592000 | |
} | |
reachable-time 0 | |
retrans-timer 0 | |
send-advert true | |
} | |
} | |
speed auto | |
} | |
/* eth2 applies the VoIP ruleset to "in" only; no "local" ruleset is attached. */
ethernet eth2 { | |
address 192.168.2.1/24 | |
description eth2 | |
duplex auto | |
firewall { | |
in { | |
name VoIP | |
} | |
} | |
speed auto | |
} | |
loopback lo { | |
} | |
/* tun0 carries IPv6 over IPv4 (encapsulation sit) to the tunnel broker. */
/* It has no firewall block, and the firewall section defines only IPv4 "name" rulesets, */
/* so nothing in this config filters IPv6 arriving over the tunnel: hosts autoconfigured on eth1 */
/* and the router's own IPv6 address are reachable from the IPv6 side unless filtered elsewhere. */
/* A reviewer would expect an ipv6-name ruleset (default drop, accept established/related) */
/* attached to tun0 for both "in" and "local". local-ip is already redacted (a.b.c.d). */
tunnel tun0 { | |
address xxxx:yyyy:zzzz:aaaa::2/64 | |
description "HE IPv6 Tunnel" | |
encapsulation sit | |
local-ip a.b.c.d | |
multicast disable | |
remote-ip 209.51.161.14 | |
ttl 255 | |
} | |
} | |
/* Static routing: two IPv6 default-route entries, both pointing at tun0. No IPv4 static routes are set here. */
protocols { | |
static { | |
/* Default IPv6 route by interface. */
interface-route6 ::/0 { | |
next-hop-interface tun0 { | |
} | |
} | |
/* Default IPv6 route by next hop ::209.51.161.14 (the tunnel's remote-ip as an IPv4-compatible address). */
route6 ::/0 { | |
next-hop ::209.51.161.14 { | |
interface tun0 | |
} | |
} | |
} | |
} | |
/* Router services: DHCP for both internal segments, an empty dns node, web GUI, source NAT, and SSH. */
service { | |
dhcp-server { | |
disabled false | |
hostfile-update disable | |
/* Pool for eth1's subnet; clients are handed public resolvers directly. */
shared-network-name LAN { | |
authoritative disable | |
subnet 192.168.1.0/24 { | |
default-router 192.168.1.1 | |
dns-server 8.8.4.4 | |
dns-server 8.8.8.8 | |
lease 86400 | |
start 192.168.1.100 { | |
stop 192.168.1.199 | |
} | |
} | |
} | |
/* Pool for eth2's subnet, same resolvers. */
shared-network-name VoIP { | |
authoritative disable | |
subnet 192.168.2.0/24 { | |
default-router 192.168.2.1 | |
dns-server 8.8.8.8 | |
dns-server 8.8.4.4 | |
lease 86400 | |
start 192.168.2.100 { | |
stop 192.168.2.199 | |
} | |
} | |
} | |
} | |
dns { | |
} | |
/* Web GUI on 443 with no listen-address set, so it is presumably bound on every router address. */
/* On eth0 the Local ruleset (default drop) covers it for IPv4; tun0, eth1 and eth2 have no */
/* "local" ruleset in this config -- NOTE(review): confirm the GUI is not reachable over the IPv6 tunnel. */
gui { | |
https-port 443 | |
} | |
/* Masquerade all traffic leaving via eth0. */
nat { | |
rule 5000 { | |
description NAT | |
log disable | |
outbound-interface eth0 | |
protocol all | |
type masquerade | |
} | |
} | |
/* SSH on 22, protocol v2 only, no listen-address set; the same exposure note as for the GUI applies. */
ssh { | |
port 22 | |
protocol-version v2 | |
} | |
} | |
/* System settings: conntrack sizing, host name, the single login account, NTP, offload, syslog, time zone. */
system { | |
conntrack { | |
expect-table-size 4096 | |
hash-size 4096 | |
table-size 32768 | |
tcp { | |
half-open-connections 512 | |
/* loose enable: presumably lets conntrack adopt TCP flows whose handshake it did not see -- confirm. */
loose enable | |
max-retrans 3 | |
} | |
} | |
host-name ubnt | |
login { | |
/* Single account named ubnt with level admin. */
/* encrypted-password is a salted SHA-512 crypt hash (the $6$ prefix). Shared together with the */
/* config it can be tested offline, so the password should be treated as exposed and rotated, */
/* and the hash replaced with a placeholder before a config is published. */
/* plaintext-password is empty; only the hash is stored. */
user ubnt { | |
authentication { | |
encrypted-password $6$7Ee7gIqZQmSXn8wi$M4.Cpye1Tcnf6oUXDd5icuhwGhVNEDzYbXMW1CRYbZHo1Q9ahYZEMs6iN1.7TI9.ghZ5cyGAgPbT4.fbMX15D1 | |
plaintext-password "" | |
} | |
level admin | |
} | |
} | |
/* Four NTP pool servers. With the Local ruleset at default drop and no established/related rule, */
/* replies arriving on eth0 would presumably be dropped -- NOTE(review): confirm time sync works. */
ntp { | |
server 0.ubnt.pool.ntp.org { | |
} | |
server 1.ubnt.pool.ntp.org { | |
} | |
server 2.ubnt.pool.ntp.org { | |
} | |
server 3.ubnt.pool.ntp.org { | |
} | |
} | |
/* Offload toggles: enabled for ipsec and IPv4 forwarding, disabled for IPv6 forwarding. */
offload { | |
ipsec enable | |
ipv4 { | |
forwarding enable | |
} | |
ipv6 { | |
forwarding disable | |
} | |
} | |
/* Syslog: notice and above for all facilities, debug for the protocols facility. */
/* No remote log host is configured in this block. */
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone UTC | |
} | |
/* Warning: Do not remove the following line. */ | |
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */ | |
/* Release version: v1.8.0.4853089.160219.1607 */ |