LeePorte · February 13, 2019 19:31
diff --git a/config.boot b/config.boot
 firewall {
    all-ping enable
    broadcast-ping disable    
    }
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description ""
        enable-default-log
        rule 1 {
            action accept
            description "Allow established/related"
            log enable
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log enable
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description ""
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1500
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
 }
 interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.8.1/24
        description LAN
        duplex auto
        speed auto
    }
     ethernet eth2 {
        address 192.168.10.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
 }
 port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    rule 1 {
        description openvpn-ssl
        forward-to {
            address 192.168.8.41
            port 1194
        }
        original-port 443
        protocol tcp_udp
    }
    rule 2 {
        description openvpn
        forward-to {
            address 192.168.8.41
            port 1194
        }
        original-port 1194
        protocol tcp_udp
    }
    wan-interface eth0
 }
 service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name home {
            authoritative disable
            subnet 192.168.8.0/24 {
                default-router 192.168.8.1
                dns-server 192.168.8.1
                lease 3600
                start 192.168.8.80 {
                    stop 192.168.8.250
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
            listen-on eth3
            name-server 8.8.8.8
            name-server 8.8.4.4
        }
    }
    gui {
        cert-file /config/ssl/server.pem
        http-port 80
        https-port 443
        older-ciphers disable
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
 }
 system {
    domain-name steveford.co.uk
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password $6$U0iuvZhp75kO3$COowr6jfBurdZd08Z4Bi7WivhKKYHU7CdZLs/BPQebsooMVcN22M6WDv2MIskQbbPdvnAquGPp6rGHWiustH.1
                plaintext-password ""
            }
            full-name ""
            level admin
        }
    }
    name-server 8.8.8.8
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            gre enable
            pppoe enable
            vlan enable
        }
    }
    packet-rx-core-num all
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi enable
        export enable
    }
 }


 /* Warning: Do not remove the following line. */
 /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
 /* Release version: v1.10.8.5142457.181120.1810 */
	firewall {
	all-ping enable
	broadcast-ping disable
	}
	ip-src-route disable
	log-martians enable
	name WAN_IN {
	default-action drop
	description ""
	enable-default-log
	rule 1 {
	action accept
	description "Allow established/related"
	log enable
	state {
	established enable
	related enable
	}
	}
	rule 2 {
	action drop
	description "Drop invalid state"
	log enable
	state {
	invalid enable
	}
	}
	}
	name WAN_LOCAL {
	default-action drop
	description ""
	rule 10 {
	action accept
	description "Allow established/related"
	state {
	established enable
	related enable
	}
	}
	rule 20 {
	action drop
	description "Drop invalid state"
	state {
	invalid enable
	}
	}
	}
	options {
	mss-clamp {
	mss 1500
	}
	}
	receive-redirects disable
	send-redirects enable
	source-validation disable
	syn-cookies enable
	}
	interfaces {
	ethernet eth0 {
	address dhcp
	description Internet
	duplex auto
	firewall {
	in {
	}
	local {
	name WAN_LOCAL
	}
	}
	speed auto
	}
	ethernet eth1 {
	address 192.168.8.1/24
	description LAN
	duplex auto
	speed auto
	}
	ethernet eth2 {
	address 192.168.10.1/24
	description "Local 2"
	duplex auto
	speed auto
	}
	ethernet eth3 {
	duplex auto
	speed auto
	}
	loopback lo {
	}
	}
	port-forward {
	auto-firewall enable
	hairpin-nat enable
	lan-interface eth1
	rule 1 {
	description openvpn-ssl
	forward-to {
	address 192.168.8.41
	port 1194
	}
	original-port 443
	protocol tcp_udp
	}
	rule 2 {
	description openvpn
	forward-to {
	address 192.168.8.41
	port 1194
	}
	original-port 1194
	protocol tcp_udp
	}
	wan-interface eth0
	}
	service {
	dhcp-server {
	disabled false
	hostfile-update disable
	shared-network-name home {
	authoritative disable
	subnet 192.168.8.0/24 {
	default-router 192.168.8.1
	dns-server 192.168.8.1
	lease 3600
	start 192.168.8.80 {
	stop 192.168.8.250
	}
	}
	}
	static-arp disable
	use-dnsmasq disable
	}
	dns {
	forwarding {
	cache-size 150
	listen-on eth1
	listen-on eth2
	listen-on eth3
	name-server 8.8.8.8
	name-server 8.8.4.4
	}
	}
	gui {
	cert-file /config/ssl/server.pem
	http-port 80
	https-port 443
	older-ciphers disable
	}
	ssh {
	port 22
	protocol-version v2
	}
	unms {
	disable
	}
	}
	system {
	domain-name steveford.co.uk
	host-name ubnt
	login {
	user ubnt {
	authentication {
	encrypted-password $6$U0iuvZhp75kO3$COowr6jfBurdZd08Z4Bi7WivhKKYHU7CdZLs/BPQebsooMVcN22M6WDv2MIskQbbPdvnAquGPp6rGHWiustH.1
	plaintext-password ""
	}
	full-name ""
	level admin
	}
	}
	name-server 8.8.8.8
	ntp {
	server 0.ubnt.pool.ntp.org {
	}
	server 1.ubnt.pool.ntp.org {
	}
	server 2.ubnt.pool.ntp.org {
	}
	server 3.ubnt.pool.ntp.org {
	}
	}
	offload {
	hwnat disable
	ipv4 {
	forwarding enable
	gre enable
	pppoe enable
	vlan enable
	}
	}
	packet-rx-core-num all
	syslog {
	global {
	facility all {
	level notice
	}
	facility protocols {
	level debug
	}
	}
	}
	time-zone UTC
	traffic-analysis {
	dpi enable
	export enable
	}
	}


	/* Warning: Do not remove the following line. */
	/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
	/* Release version: v1.10.8.5142457.181120.1810 */