Diffstat (limited to 'smoketest/config-tests/dialup-router-complex')
-rw-r--r-- | smoketest/config-tests/dialup-router-complex | 740 |
1 files changed, 740 insertions, 0 deletions
diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex
new file mode 100644
index 000000000..4416ef82e
--- /dev/null
+++ b/smoketest/config-tests/dialup-router-complex
@@ -0,0 +1,740 @@ +set firewall global-options all-ping 'enable' +set firewall global-options broadcast-ping 'disable' +set firewall global-options ip-src-route 'disable' +set firewall global-options ipv6-receive-redirects 'disable' +set firewall global-options ipv6-src-route 'disable' +set firewall global-options log-martians 'enable' +set firewall global-options receive-redirects 'disable' +set firewall global-options send-redirects 'enable' +set firewall global-options source-validation 'disable' +set firewall global-options syn-cookies 'enable' +set firewall global-options timeout icmp '30' +set firewall global-options timeout other '600' +set firewall global-options timeout udp other '300' +set firewall global-options timeout udp stream '300' +set firewall global-options twa-hazards-protection 'disable' +set firewall group address-group AUDIO-STREAM address '172.16.35.20' +set firewall group address-group AUDIO-STREAM address '172.16.35.21' +set firewall group address-group AUDIO-STREAM address '172.16.35.22' +set firewall group address-group AUDIO-STREAM address '172.16.35.23' +set firewall group address-group DMZ-RDP-SERVER address '172.16.33.40' +set firewall group address-group DMZ-WEBSERVER address '172.16.36.10' +set firewall group address-group DMZ-WEBSERVER address '172.16.36.40' +set firewall group address-group DMZ-WEBSERVER address '172.16.36.20' +set firewall group address-group DOMAIN-CONTROLLER address '172.16.100.10' +set firewall group address-group DOMAIN-CONTROLLER address '172.16.100.20' +set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.241' +set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.242' +set firewall group address-group MEDIA-STREAMING-CLIENTS address '172.16.35.243' +set firewall group ipv6-network-group LOCAL-ADDRESSES network 'ff02::/64' +set firewall group ipv6-network-group LOCAL-ADDRESSES network 'fe80::/10' +set firewall group network-group SSH-IN-ALLOW network 
'192.0.2.0/24' +set firewall group network-group SSH-IN-ALLOW network '10.0.0.0/8' +set firewall group network-group SSH-IN-ALLOW network '172.16.0.0/12' +set firewall group network-group SSH-IN-ALLOW network '192.168.0.0/16' +set firewall group port-group SMART-TV-PORTS port '5005-5006' +set firewall group port-group SMART-TV-PORTS port '80' +set firewall group port-group SMART-TV-PORTS port '443' +set firewall group port-group SMART-TV-PORTS port '3722' +set firewall ipv4 name DMZ-GUEST default-action 'drop' +set firewall ipv4 name DMZ-GUEST default-log +set firewall ipv4 name DMZ-GUEST rule 1 action 'return' +set firewall ipv4 name DMZ-GUEST rule 1 state 'established' +set firewall ipv4 name DMZ-GUEST rule 1 state 'related' +set firewall ipv4 name DMZ-GUEST rule 2 action 'drop' +set firewall ipv4 name DMZ-GUEST rule 2 log +set firewall ipv4 name DMZ-GUEST rule 2 state 'invalid' +set firewall ipv4 name DMZ-LAN default-action 'drop' +set firewall ipv4 name DMZ-LAN default-log +set firewall ipv4 name DMZ-LAN rule 1 action 'return' +set firewall ipv4 name DMZ-LAN rule 1 state 'established' +set firewall ipv4 name DMZ-LAN rule 1 state 'related' +set firewall ipv4 name DMZ-LAN rule 2 action 'drop' +set firewall ipv4 name DMZ-LAN rule 2 log +set firewall ipv4 name DMZ-LAN rule 2 state 'invalid' +set firewall ipv4 name DMZ-LAN rule 100 action 'return' +set firewall ipv4 name DMZ-LAN rule 100 description 'NTP and LDAP to AD DC' +set firewall ipv4 name DMZ-LAN rule 100 destination group address-group 'DOMAIN-CONTROLLER' +set firewall ipv4 name DMZ-LAN rule 100 destination port '123,389,636' +set firewall ipv4 name DMZ-LAN rule 100 protocol 'tcp_udp' +set firewall ipv4 name DMZ-LAN rule 300 action 'return' +set firewall ipv4 name DMZ-LAN rule 300 destination group address-group 'DMZ-RDP-SERVER' +set firewall ipv4 name DMZ-LAN rule 300 destination port '3389' +set firewall ipv4 name DMZ-LAN rule 300 protocol 'tcp_udp' +set firewall ipv4 name DMZ-LAN rule 300 source address 
'172.16.36.20' +set firewall ipv4 name DMZ-LOCAL default-action 'drop' +set firewall ipv4 name DMZ-LOCAL default-log +set firewall ipv4 name DMZ-LOCAL rule 1 action 'return' +set firewall ipv4 name DMZ-LOCAL rule 1 state 'established' +set firewall ipv4 name DMZ-LOCAL rule 1 state 'related' +set firewall ipv4 name DMZ-LOCAL rule 2 action 'drop' +set firewall ipv4 name DMZ-LOCAL rule 2 log +set firewall ipv4 name DMZ-LOCAL rule 2 state 'invalid' +set firewall ipv4 name DMZ-LOCAL rule 50 action 'return' +set firewall ipv4 name DMZ-LOCAL rule 50 destination address '172.16.254.30' +set firewall ipv4 name DMZ-LOCAL rule 50 destination port '53' +set firewall ipv4 name DMZ-LOCAL rule 50 protocol 'tcp_udp' +set firewall ipv4 name DMZ-LOCAL rule 123 action 'return' +set firewall ipv4 name DMZ-LOCAL rule 123 destination port '123' +set firewall ipv4 name DMZ-LOCAL rule 123 protocol 'udp' +set firewall ipv4 name DMZ-LOCAL rule 800 action 'drop' +set firewall ipv4 name DMZ-LOCAL rule 800 description 'SSH anti brute force' +set firewall ipv4 name DMZ-LOCAL rule 800 destination port 'ssh' +set firewall ipv4 name DMZ-LOCAL rule 800 log +set firewall ipv4 name DMZ-LOCAL rule 800 protocol 'tcp' +set firewall ipv4 name DMZ-LOCAL rule 800 recent count '4' +set firewall ipv4 name DMZ-LOCAL rule 800 recent time 'minute' +set firewall ipv4 name DMZ-LOCAL rule 800 state 'new' +set firewall ipv4 name DMZ-WAN default-action 'return' +set firewall ipv4 name GUEST-DMZ default-action 'drop' +set firewall ipv4 name GUEST-DMZ default-log +set firewall ipv4 name GUEST-DMZ rule 1 action 'return' +set firewall ipv4 name GUEST-DMZ rule 1 state 'established' +set firewall ipv4 name GUEST-DMZ rule 1 state 'related' +set firewall ipv4 name GUEST-DMZ rule 2 action 'drop' +set firewall ipv4 name GUEST-DMZ rule 2 log +set firewall ipv4 name GUEST-DMZ rule 2 state 'invalid' +set firewall ipv4 name GUEST-DMZ rule 100 action 'return' +set firewall ipv4 name GUEST-DMZ rule 100 destination port '80,443' 
+set firewall ipv4 name GUEST-DMZ rule 100 protocol 'tcp' +set firewall ipv4 name GUEST-IOT default-action 'drop' +set firewall ipv4 name GUEST-IOT default-log +set firewall ipv4 name GUEST-IOT rule 1 action 'return' +set firewall ipv4 name GUEST-IOT rule 1 state 'established' +set firewall ipv4 name GUEST-IOT rule 1 state 'related' +set firewall ipv4 name GUEST-IOT rule 2 action 'drop' +set firewall ipv4 name GUEST-IOT rule 2 log +set firewall ipv4 name GUEST-IOT rule 2 state 'invalid' +set firewall ipv4 name GUEST-IOT rule 100 action 'return' +set firewall ipv4 name GUEST-IOT rule 100 description 'MEDIA-STREAMING-CLIENTS Devices to GUEST' +set firewall ipv4 name GUEST-IOT rule 100 destination group address-group 'MEDIA-STREAMING-CLIENTS' +set firewall ipv4 name GUEST-IOT rule 100 protocol 'tcp_udp' +set firewall ipv4 name GUEST-IOT rule 110 action 'return' +set firewall ipv4 name GUEST-IOT rule 110 description 'AUDIO-STREAM Devices to GUEST' +set firewall ipv4 name GUEST-IOT rule 110 destination group address-group 'AUDIO-STREAM' +set firewall ipv4 name GUEST-IOT rule 110 protocol 'tcp_udp' +set firewall ipv4 name GUEST-IOT rule 200 action 'return' +set firewall ipv4 name GUEST-IOT rule 200 description 'MCAST relay' +set firewall ipv4 name GUEST-IOT rule 200 destination address '224.0.0.251' +set firewall ipv4 name GUEST-IOT rule 200 destination port '5353' +set firewall ipv4 name GUEST-IOT rule 200 protocol 'udp' +set firewall ipv4 name GUEST-IOT rule 300 action 'return' +set firewall ipv4 name GUEST-IOT rule 300 description 'BCAST relay' +set firewall ipv4 name GUEST-IOT rule 300 destination port '1900' +set firewall ipv4 name GUEST-IOT rule 300 protocol 'udp' +set firewall ipv4 name GUEST-LAN default-action 'drop' +set firewall ipv4 name GUEST-LAN default-log +set firewall ipv4 name GUEST-LAN rule 1 action 'return' +set firewall ipv4 name GUEST-LAN rule 1 state 'established' +set firewall ipv4 name GUEST-LAN rule 1 state 'related' +set firewall ipv4 name 
GUEST-LAN rule 2 action 'drop' +set firewall ipv4 name GUEST-LAN rule 2 log +set firewall ipv4 name GUEST-LAN rule 2 state 'invalid' +set firewall ipv4 name GUEST-LOCAL default-action 'drop' +set firewall ipv4 name GUEST-LOCAL default-log +set firewall ipv4 name GUEST-LOCAL rule 1 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 1 state 'established' +set firewall ipv4 name GUEST-LOCAL rule 1 state 'related' +set firewall ipv4 name GUEST-LOCAL rule 2 action 'drop' +set firewall ipv4 name GUEST-LOCAL rule 2 log +set firewall ipv4 name GUEST-LOCAL rule 2 state 'invalid' +set firewall ipv4 name GUEST-LOCAL rule 10 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 10 description 'DNS' +set firewall ipv4 name GUEST-LOCAL rule 10 destination address '172.31.0.254' +set firewall ipv4 name GUEST-LOCAL rule 10 destination port '53' +set firewall ipv4 name GUEST-LOCAL rule 10 protocol 'tcp_udp' +set firewall ipv4 name GUEST-LOCAL rule 11 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 11 description 'DHCP' +set firewall ipv4 name GUEST-LOCAL rule 11 destination port '67' +set firewall ipv4 name GUEST-LOCAL rule 11 protocol 'udp' +set firewall ipv4 name GUEST-LOCAL rule 15 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 15 destination address '172.31.0.254' +set firewall ipv4 name GUEST-LOCAL rule 15 protocol 'icmp' +set firewall ipv4 name GUEST-LOCAL rule 200 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 200 description 'MCAST relay' +set firewall ipv4 name GUEST-LOCAL rule 200 destination address '224.0.0.251' +set firewall ipv4 name GUEST-LOCAL rule 200 destination port '5353' +set firewall ipv4 name GUEST-LOCAL rule 200 protocol 'udp' +set firewall ipv4 name GUEST-LOCAL rule 210 action 'return' +set firewall ipv4 name GUEST-LOCAL rule 210 description 'AUDIO-STREAM Broadcast' +set firewall ipv4 name GUEST-LOCAL rule 210 destination port '1900' +set firewall ipv4 name GUEST-LOCAL rule 210 protocol 'udp' +set firewall ipv4 name 
GUEST-WAN default-action 'drop' +set firewall ipv4 name GUEST-WAN default-log +set firewall ipv4 name GUEST-WAN rule 1 action 'return' +set firewall ipv4 name GUEST-WAN rule 1 state 'established' +set firewall ipv4 name GUEST-WAN rule 1 state 'related' +set firewall ipv4 name GUEST-WAN rule 2 action 'drop' +set firewall ipv4 name GUEST-WAN rule 2 log +set firewall ipv4 name GUEST-WAN rule 2 state 'invalid' +set firewall ipv4 name GUEST-WAN rule 25 action 'return' +set firewall ipv4 name GUEST-WAN rule 25 description 'SMTP' +set firewall ipv4 name GUEST-WAN rule 25 destination port '25,587' +set firewall ipv4 name GUEST-WAN rule 25 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 53 action 'return' +set firewall ipv4 name GUEST-WAN rule 53 destination port '53' +set firewall ipv4 name GUEST-WAN rule 53 protocol 'tcp_udp' +set firewall ipv4 name GUEST-WAN rule 60 action 'return' +set firewall ipv4 name GUEST-WAN rule 60 source address '172.31.0.200' +set firewall ipv4 name GUEST-WAN rule 80 action 'return' +set firewall ipv4 name GUEST-WAN rule 80 source address '172.31.0.200' +set firewall ipv4 name GUEST-WAN rule 100 action 'return' +set firewall ipv4 name GUEST-WAN rule 100 protocol 'icmp' +set firewall ipv4 name GUEST-WAN rule 110 action 'return' +set firewall ipv4 name GUEST-WAN rule 110 description 'POP3' +set firewall ipv4 name GUEST-WAN rule 110 destination port '110,995' +set firewall ipv4 name GUEST-WAN rule 110 limit rate '10/minute' +set firewall ipv4 name GUEST-WAN rule 110 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 123 action 'return' +set firewall ipv4 name GUEST-WAN rule 123 description 'NTP Client' +set firewall ipv4 name GUEST-WAN rule 123 destination port '123' +set firewall ipv4 name GUEST-WAN rule 123 protocol 'udp' +set firewall ipv4 name GUEST-WAN rule 143 action 'return' +set firewall ipv4 name GUEST-WAN rule 143 description 'IMAP' +set firewall ipv4 name GUEST-WAN rule 143 destination port '143,993' +set firewall ipv4 name 
GUEST-WAN rule 143 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 200 action 'return' +set firewall ipv4 name GUEST-WAN rule 200 destination port '80,443' +set firewall ipv4 name GUEST-WAN rule 200 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 500 action 'return' +set firewall ipv4 name GUEST-WAN rule 500 description 'L2TP IPSec' +set firewall ipv4 name GUEST-WAN rule 500 destination port '500,4500' +set firewall ipv4 name GUEST-WAN rule 500 protocol 'udp' +set firewall ipv4 name GUEST-WAN rule 600 action 'return' +set firewall ipv4 name GUEST-WAN rule 600 destination port '5222-5224' +set firewall ipv4 name GUEST-WAN rule 600 protocol 'tcp' +set firewall ipv4 name GUEST-WAN rule 601 action 'return' +set firewall ipv4 name GUEST-WAN rule 601 destination port '3478-3497,4500,16384-16387,16393-16402' +set firewall ipv4 name GUEST-WAN rule 601 protocol 'udp' +set firewall ipv4 name GUEST-WAN rule 1000 action 'return' +set firewall ipv4 name GUEST-WAN rule 1000 source address '172.31.0.184' +set firewall ipv4 name IOT-GUEST default-action 'drop' +set firewall ipv4 name IOT-GUEST default-log +set firewall ipv4 name IOT-GUEST rule 1 action 'return' +set firewall ipv4 name IOT-GUEST rule 1 state 'established' +set firewall ipv4 name IOT-GUEST rule 1 state 'related' +set firewall ipv4 name IOT-GUEST rule 2 action 'drop' +set firewall ipv4 name IOT-GUEST rule 2 log +set firewall ipv4 name IOT-GUEST rule 2 state 'invalid' +set firewall ipv4 name IOT-GUEST rule 100 action 'return' +set firewall ipv4 name IOT-GUEST rule 100 description 'MEDIA-STREAMING-CLIENTS Devices to IOT' +set firewall ipv4 name IOT-GUEST rule 100 protocol 'tcp_udp' +set firewall ipv4 name IOT-GUEST rule 100 source group address-group 'MEDIA-STREAMING-CLIENTS' +set firewall ipv4 name IOT-GUEST rule 110 action 'return' +set firewall ipv4 name IOT-GUEST rule 110 description 'AUDIO-STREAM Devices to IOT' +set firewall ipv4 name IOT-GUEST rule 110 protocol 'tcp_udp' +set firewall ipv4 name 
IOT-GUEST rule 110 source group address-group 'AUDIO-STREAM' +set firewall ipv4 name IOT-GUEST rule 200 action 'return' +set firewall ipv4 name IOT-GUEST rule 200 description 'MCAST relay' +set firewall ipv4 name IOT-GUEST rule 200 destination address '224.0.0.251' +set firewall ipv4 name IOT-GUEST rule 200 destination port '5353' +set firewall ipv4 name IOT-GUEST rule 200 protocol 'udp' +set firewall ipv4 name IOT-GUEST rule 300 action 'return' +set firewall ipv4 name IOT-GUEST rule 300 description 'BCAST relay' +set firewall ipv4 name IOT-GUEST rule 300 destination port '1900' +set firewall ipv4 name IOT-GUEST rule 300 protocol 'udp' +set firewall ipv4 name IOT-LAN default-action 'drop' +set firewall ipv4 name IOT-LAN default-log +set firewall ipv4 name IOT-LAN rule 1 action 'return' +set firewall ipv4 name IOT-LAN rule 1 state 'established' +set firewall ipv4 name IOT-LAN rule 1 state 'related' +set firewall ipv4 name IOT-LAN rule 2 action 'drop' +set firewall ipv4 name IOT-LAN rule 2 log +set firewall ipv4 name IOT-LAN rule 2 state 'invalid' +set firewall ipv4 name IOT-LAN rule 100 action 'return' +set firewall ipv4 name IOT-LAN rule 100 description 'AppleTV to LAN' +set firewall ipv4 name IOT-LAN rule 100 destination group port-group 'SMART-TV-PORTS' +set firewall ipv4 name IOT-LAN rule 100 protocol 'tcp_udp' +set firewall ipv4 name IOT-LAN rule 100 source group address-group 'MEDIA-STREAMING-CLIENTS' +set firewall ipv4 name IOT-LAN rule 110 action 'return' +set firewall ipv4 name IOT-LAN rule 110 description 'AUDIO-STREAM Devices to LAN' +set firewall ipv4 name IOT-LAN rule 110 protocol 'tcp_udp' +set firewall ipv4 name IOT-LAN rule 110 source group address-group 'AUDIO-STREAM' +set firewall ipv4 name IOT-LOCAL default-action 'drop' +set firewall ipv4 name IOT-LOCAL default-log +set firewall ipv4 name IOT-LOCAL rule 1 action 'return' +set firewall ipv4 name IOT-LOCAL rule 1 state 'established' +set firewall ipv4 name IOT-LOCAL rule 1 state 'related' +set 
firewall ipv4 name IOT-LOCAL rule 2 action 'drop' +set firewall ipv4 name IOT-LOCAL rule 2 log +set firewall ipv4 name IOT-LOCAL rule 2 state 'invalid' +set firewall ipv4 name IOT-LOCAL rule 10 action 'return' +set firewall ipv4 name IOT-LOCAL rule 10 description 'DNS' +set firewall ipv4 name IOT-LOCAL rule 10 destination address '172.16.254.30' +set firewall ipv4 name IOT-LOCAL rule 10 destination port '53' +set firewall ipv4 name IOT-LOCAL rule 10 protocol 'tcp_udp' +set firewall ipv4 name IOT-LOCAL rule 11 action 'return' +set firewall ipv4 name IOT-LOCAL rule 11 description 'DHCP' +set firewall ipv4 name IOT-LOCAL rule 11 destination port '67' +set firewall ipv4 name IOT-LOCAL rule 11 protocol 'udp' +set firewall ipv4 name IOT-LOCAL rule 15 action 'return' +set firewall ipv4 name IOT-LOCAL rule 15 destination address '172.16.35.254' +set firewall ipv4 name IOT-LOCAL rule 15 protocol 'icmp' +set firewall ipv4 name IOT-LOCAL rule 200 action 'return' +set firewall ipv4 name IOT-LOCAL rule 200 description 'MCAST relay' +set firewall ipv4 name IOT-LOCAL rule 200 destination address '224.0.0.251' +set firewall ipv4 name IOT-LOCAL rule 200 destination port '5353' +set firewall ipv4 name IOT-LOCAL rule 200 protocol 'udp' +set firewall ipv4 name IOT-LOCAL rule 201 action 'return' +set firewall ipv4 name IOT-LOCAL rule 201 description 'MCAST relay' +set firewall ipv4 name IOT-LOCAL rule 201 destination address '172.16.35.254' +set firewall ipv4 name IOT-LOCAL rule 201 destination port '5353' +set firewall ipv4 name IOT-LOCAL rule 201 protocol 'udp' +set firewall ipv4 name IOT-LOCAL rule 210 action 'return' +set firewall ipv4 name IOT-LOCAL rule 210 description 'AUDIO-STREAM Broadcast' +set firewall ipv4 name IOT-LOCAL rule 210 destination port '1900,1902,6969' +set firewall ipv4 name IOT-LOCAL rule 210 protocol 'udp' +set firewall ipv4 name IOT-WAN default-action 'return' +set firewall ipv4 name LAN-DMZ default-action 'drop' +set firewall ipv4 name LAN-DMZ default-log 
+set firewall ipv4 name LAN-DMZ rule 1 action 'return' +set firewall ipv4 name LAN-DMZ rule 1 state 'established' +set firewall ipv4 name LAN-DMZ rule 1 state 'related' +set firewall ipv4 name LAN-DMZ rule 2 action 'drop' +set firewall ipv4 name LAN-DMZ rule 2 log +set firewall ipv4 name LAN-DMZ rule 2 state 'invalid' +set firewall ipv4 name LAN-DMZ rule 22 action 'return' +set firewall ipv4 name LAN-DMZ rule 22 description 'SSH into DMZ' +set firewall ipv4 name LAN-DMZ rule 22 destination port '22' +set firewall ipv4 name LAN-DMZ rule 22 protocol 'tcp' +set firewall ipv4 name LAN-DMZ rule 100 action 'return' +set firewall ipv4 name LAN-DMZ rule 100 destination group address-group 'DMZ-WEBSERVER' +set firewall ipv4 name LAN-DMZ rule 100 destination port '22,80,443' +set firewall ipv4 name LAN-DMZ rule 100 protocol 'tcp' +set firewall ipv4 name LAN-GUEST default-action 'drop' +set firewall ipv4 name LAN-GUEST default-log +set firewall ipv4 name LAN-GUEST rule 1 action 'return' +set firewall ipv4 name LAN-GUEST rule 1 state 'established' +set firewall ipv4 name LAN-GUEST rule 1 state 'related' +set firewall ipv4 name LAN-GUEST rule 2 action 'drop' +set firewall ipv4 name LAN-GUEST rule 2 log +set firewall ipv4 name LAN-GUEST rule 2 state 'invalid' +set firewall ipv4 name LAN-IOT default-action 'return' +set firewall ipv4 name LAN-LOCAL default-action 'return' +set firewall ipv4 name LAN-WAN default-action 'return' +set firewall ipv4 name LOCAL-DMZ default-action 'drop' +set firewall ipv4 name LOCAL-DMZ default-log +set firewall ipv4 name LOCAL-DMZ rule 1 action 'return' +set firewall ipv4 name LOCAL-DMZ rule 1 state 'established' +set firewall ipv4 name LOCAL-DMZ rule 1 state 'related' +set firewall ipv4 name LOCAL-DMZ rule 2 action 'drop' +set firewall ipv4 name LOCAL-DMZ rule 2 log +set firewall ipv4 name LOCAL-DMZ rule 2 state 'invalid' +set firewall ipv4 name LOCAL-GUEST default-action 'drop' +set firewall ipv4 name LOCAL-GUEST default-log +set firewall ipv4 name 
LOCAL-GUEST rule 1 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 1 state 'established' +set firewall ipv4 name LOCAL-GUEST rule 1 state 'related' +set firewall ipv4 name LOCAL-GUEST rule 2 action 'drop' +set firewall ipv4 name LOCAL-GUEST rule 2 log +set firewall ipv4 name LOCAL-GUEST rule 2 state 'invalid' +set firewall ipv4 name LOCAL-GUEST rule 5 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 5 protocol 'icmp' +set firewall ipv4 name LOCAL-GUEST rule 200 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 200 description 'MCAST relay' +set firewall ipv4 name LOCAL-GUEST rule 200 destination address '224.0.0.251' +set firewall ipv4 name LOCAL-GUEST rule 200 destination port '5353' +set firewall ipv4 name LOCAL-GUEST rule 200 protocol 'udp' +set firewall ipv4 name LOCAL-GUEST rule 300 action 'return' +set firewall ipv4 name LOCAL-GUEST rule 300 description 'BCAST relay' +set firewall ipv4 name LOCAL-GUEST rule 300 destination port '1900' +set firewall ipv4 name LOCAL-GUEST rule 300 protocol 'udp' +set firewall ipv4 name LOCAL-IOT default-action 'drop' +set firewall ipv4 name LOCAL-IOT default-log +set firewall ipv4 name LOCAL-IOT rule 1 action 'return' +set firewall ipv4 name LOCAL-IOT rule 1 state 'established' +set firewall ipv4 name LOCAL-IOT rule 1 state 'related' +set firewall ipv4 name LOCAL-IOT rule 2 action 'drop' +set firewall ipv4 name LOCAL-IOT rule 2 log +set firewall ipv4 name LOCAL-IOT rule 2 state 'invalid' +set firewall ipv4 name LOCAL-IOT rule 5 action 'return' +set firewall ipv4 name LOCAL-IOT rule 5 protocol 'icmp' +set firewall ipv4 name LOCAL-IOT rule 200 action 'return' +set firewall ipv4 name LOCAL-IOT rule 200 description 'MCAST relay' +set firewall ipv4 name LOCAL-IOT rule 200 destination address '224.0.0.251' +set firewall ipv4 name LOCAL-IOT rule 200 destination port '5353' +set firewall ipv4 name LOCAL-IOT rule 200 protocol 'udp' +set firewall ipv4 name LOCAL-IOT rule 300 action 'return' +set firewall ipv4 name 
LOCAL-IOT rule 300 description 'BCAST relay' +set firewall ipv4 name LOCAL-IOT rule 300 destination port '1900,6969' +set firewall ipv4 name LOCAL-IOT rule 300 protocol 'udp' +set firewall ipv4 name LOCAL-LAN default-action 'return' +set firewall ipv4 name LOCAL-WAN default-action 'drop' +set firewall ipv4 name LOCAL-WAN default-log +set firewall ipv4 name LOCAL-WAN rule 1 action 'return' +set firewall ipv4 name LOCAL-WAN rule 1 state 'established' +set firewall ipv4 name LOCAL-WAN rule 1 state 'related' +set firewall ipv4 name LOCAL-WAN rule 2 action 'drop' +set firewall ipv4 name LOCAL-WAN rule 2 log +set firewall ipv4 name LOCAL-WAN rule 2 state 'invalid' +set firewall ipv4 name LOCAL-WAN rule 10 action 'return' +set firewall ipv4 name LOCAL-WAN rule 10 protocol 'icmp' +set firewall ipv4 name LOCAL-WAN rule 50 action 'return' +set firewall ipv4 name LOCAL-WAN rule 50 description 'DNS' +set firewall ipv4 name LOCAL-WAN rule 50 destination port '53' +set firewall ipv4 name LOCAL-WAN rule 50 protocol 'tcp_udp' +set firewall ipv4 name LOCAL-WAN rule 80 action 'return' +set firewall ipv4 name LOCAL-WAN rule 80 destination port '80,443' +set firewall ipv4 name LOCAL-WAN rule 80 protocol 'tcp' +set firewall ipv4 name LOCAL-WAN rule 123 action 'return' +set firewall ipv4 name LOCAL-WAN rule 123 description 'NTP' +set firewall ipv4 name LOCAL-WAN rule 123 destination port '123' +set firewall ipv4 name LOCAL-WAN rule 123 protocol 'udp' +set firewall ipv4 name WAN-DMZ default-action 'drop' +set firewall ipv4 name WAN-DMZ default-log +set firewall ipv4 name WAN-DMZ rule 1 action 'return' +set firewall ipv4 name WAN-DMZ rule 1 state 'established' +set firewall ipv4 name WAN-DMZ rule 1 state 'related' +set firewall ipv4 name WAN-DMZ rule 2 action 'drop' +set firewall ipv4 name WAN-DMZ rule 2 log +set firewall ipv4 name WAN-DMZ rule 2 state 'invalid' +set firewall ipv4 name WAN-DMZ rule 100 action 'return' +set firewall ipv4 name WAN-DMZ rule 100 destination address 
'172.16.36.10' +set firewall ipv4 name WAN-DMZ rule 100 destination port '80,443' +set firewall ipv4 name WAN-DMZ rule 100 protocol 'tcp' +set firewall ipv4 name WAN-GUEST default-action 'drop' +set firewall ipv4 name WAN-GUEST default-log +set firewall ipv4 name WAN-GUEST rule 1 action 'return' +set firewall ipv4 name WAN-GUEST rule 1 state 'established' +set firewall ipv4 name WAN-GUEST rule 1 state 'related' +set firewall ipv4 name WAN-GUEST rule 2 action 'drop' +set firewall ipv4 name WAN-GUEST rule 2 log +set firewall ipv4 name WAN-GUEST rule 2 state 'invalid' +set firewall ipv4 name WAN-GUEST rule 1000 action 'return' +set firewall ipv4 name WAN-GUEST rule 1000 destination address '172.31.0.184' +set firewall ipv4 name WAN-GUEST rule 8000 action 'return' +set firewall ipv4 name WAN-GUEST rule 8000 destination address '172.31.0.200' +set firewall ipv4 name WAN-GUEST rule 8000 destination port '10000' +set firewall ipv4 name WAN-GUEST rule 8000 protocol 'udp' +set firewall ipv4 name WAN-IOT default-action 'drop' +set firewall ipv4 name WAN-IOT default-log +set firewall ipv4 name WAN-IOT rule 1 action 'return' +set firewall ipv4 name WAN-IOT rule 1 state 'established' +set firewall ipv4 name WAN-IOT rule 1 state 'related' +set firewall ipv4 name WAN-IOT rule 2 action 'drop' +set firewall ipv4 name WAN-IOT rule 2 log +set firewall ipv4 name WAN-IOT rule 2 state 'invalid' +set firewall ipv4 name WAN-LAN default-action 'drop' +set firewall ipv4 name WAN-LAN default-log +set firewall ipv4 name WAN-LAN rule 1 action 'return' +set firewall ipv4 name WAN-LAN rule 1 state 'established' +set firewall ipv4 name WAN-LAN rule 1 state 'related' +set firewall ipv4 name WAN-LAN rule 2 action 'drop' +set firewall ipv4 name WAN-LAN rule 2 log +set firewall ipv4 name WAN-LAN rule 2 state 'invalid' +set firewall ipv4 name WAN-LAN rule 1000 action 'return' +set firewall ipv4 name WAN-LAN rule 1000 destination address '172.16.33.40' +set firewall ipv4 name WAN-LAN rule 1000 
destination port '3389' +set firewall ipv4 name WAN-LAN rule 1000 protocol 'tcp' +set firewall ipv4 name WAN-LAN rule 1000 source group network-group 'SSH-IN-ALLOW' +set firewall ipv4 name WAN-LOCAL default-action 'drop' +set firewall ipv4 name WAN-LOCAL default-log +set firewall ipv4 name WAN-LOCAL rule 1 action 'return' +set firewall ipv4 name WAN-LOCAL rule 1 state 'established' +set firewall ipv4 name WAN-LOCAL rule 1 state 'related' +set firewall ipv4 name WAN-LOCAL rule 2 action 'drop' +set firewall ipv4 name WAN-LOCAL rule 2 log +set firewall ipv4 name WAN-LOCAL rule 2 state 'invalid' +set firewall ipv4 name WAN-LOCAL rule 22 action 'return' +set firewall ipv4 name WAN-LOCAL rule 22 destination port '22' +set firewall ipv4 name WAN-LOCAL rule 22 protocol 'tcp' +set firewall ipv4 name WAN-LOCAL rule 22 source group network-group 'SSH-IN-ALLOW' +set firewall ipv6 name ALLOW-ALL-6 default-action 'return' +set firewall ipv6 name ALLOW-BASIC-6 default-action 'drop' +set firewall ipv6 name ALLOW-BASIC-6 default-log +set firewall ipv6 name ALLOW-BASIC-6 rule 1 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 1 state 'established' +set firewall ipv6 name ALLOW-BASIC-6 rule 1 state 'related' +set firewall ipv6 name ALLOW-BASIC-6 rule 2 action 'drop' +set firewall ipv6 name ALLOW-BASIC-6 rule 2 state 'invalid' +set firewall ipv6 name ALLOW-BASIC-6 rule 10 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 10 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-BASIC-6 rule 15 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 15 icmpv6 type '1' +set firewall ipv6 name ALLOW-BASIC-6 rule 15 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 action 'return' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 icmpv6 code '1' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 icmpv6 type '1' +set firewall ipv6 name ALLOW-BASIC-6 rule 16 protocol 'ipv6-icmp' +set firewall ipv6 name ALLOW-BASIC-6 rule 17 action 'return' +set firewall ipv6 name 
ALLOW-BASIC-6 rule 17 icmpv6 type-name 'destination-unreachable'
+set firewall ipv6 name ALLOW-BASIC-6 rule 17 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 default-action 'drop'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 default-log
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 state 'established'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 1 state 'related'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 2 action 'drop'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 2 state 'invalid'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 destination group network-group 'LOCAL-ADDRESSES'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 10 source address 'fe80::/10'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 icmpv6 type-name 'echo-request'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 20 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 icmpv6 type-name 'destination-unreachable'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 21 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 icmpv6 type-name 'packet-too-big'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 22 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 icmpv6 type-name 'time-exceeded'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 23 protocol 'ipv6-icmp'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 action 'return'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 icmpv6 type-name 'parameter-problem'
+set firewall ipv6 name ALLOW-ESTABLISHED-6 rule 24 protocol 'ipv6-icmp'
+set firewall ipv6 name WAN-LOCAL-6 default-action 'drop'
+set firewall ipv6 name WAN-LOCAL-6 default-log
+set firewall ipv6 name WAN-LOCAL-6 rule 1 action 'return'
+set firewall ipv6 name WAN-LOCAL-6 rule 1 state 'established'
+set firewall ipv6 name WAN-LOCAL-6 rule 1 state 'related'
+set firewall ipv6 name WAN-LOCAL-6 rule 2 action 'drop'
+set firewall ipv6 name WAN-LOCAL-6 rule 2 state 'invalid'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 action 'return'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 destination address 'ff02::/64'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 protocol 'ipv6-icmp'
+set firewall ipv6 name WAN-LOCAL-6 rule 10 source address 'fe80::/10'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 action 'return'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 description 'DHCPv6'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 destination address 'fe80::/10'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 destination port '546'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 protocol 'udp'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 source address 'fe80::/10'
+set firewall ipv6 name WAN-LOCAL-6 rule 50 source port '547'
+set firewall zone DMZ default-action 'drop'
+set firewall zone DMZ from GUEST firewall name 'GUEST-DMZ'
+set firewall zone DMZ from LAN firewall name 'LAN-DMZ'
+set firewall zone DMZ from LOCAL firewall name 'LOCAL-DMZ'
+set firewall zone DMZ from WAN firewall name 'WAN-DMZ'
+set firewall zone DMZ interface 'eth0.50'
+set firewall zone GUEST default-action 'drop'
+set firewall zone GUEST from DMZ firewall name 'DMZ-GUEST'
+set firewall zone GUEST from IOT firewall name 'IOT-GUEST'
+set firewall zone GUEST from LAN firewall name 'LAN-GUEST'
+set firewall zone GUEST from LOCAL firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone GUEST from LOCAL firewall name 'LOCAL-GUEST'
+set firewall zone GUEST from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6'
+set firewall zone GUEST from WAN firewall name 'WAN-GUEST'
+set firewall zone GUEST interface 'eth0.20'
+set firewall zone IOT default-action 'drop'
+set firewall zone IOT from GUEST firewall name 'GUEST-IOT'
+set firewall zone IOT from LAN firewall name 'LAN-IOT'
+set firewall zone IOT from LOCAL firewall name 'LOCAL-IOT'
+set firewall zone IOT from WAN firewall name 'WAN-IOT'
+set firewall zone IOT interface 'eth0.35'
+set firewall zone LAN default-action 'drop'
+set firewall zone LAN from DMZ firewall name 'DMZ-LAN'
+set firewall zone LAN from GUEST firewall name 'GUEST-LAN'
+set firewall zone LAN from IOT firewall name 'IOT-LAN'
+set firewall zone LAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone LAN from LOCAL firewall name 'LOCAL-LAN'
+set firewall zone LAN from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6'
+set firewall zone LAN from WAN firewall name 'WAN-LAN'
+set firewall zone LAN interface 'eth0.5'
+set firewall zone LAN interface 'eth0.10'
+set firewall zone LAN interface 'eth0.100'
+set firewall zone LAN interface 'eth0.201'
+set firewall zone LAN interface 'eth0.202'
+set firewall zone LAN interface 'eth0.203'
+set firewall zone LAN interface 'eth0.204'
+set firewall zone LOCAL default-action 'drop'
+set firewall zone LOCAL from DMZ firewall name 'DMZ-LOCAL'
+set firewall zone LOCAL from GUEST firewall ipv6-name 'ALLOW-ESTABLISHED-6'
+set firewall zone LOCAL from GUEST firewall name 'GUEST-LOCAL'
+set firewall zone LOCAL from IOT firewall name 'IOT-LOCAL'
+set firewall zone LOCAL from LAN firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone LOCAL from LAN firewall name 'LAN-LOCAL'
+set firewall zone LOCAL from WAN firewall ipv6-name 'WAN-LOCAL-6'
+set firewall zone LOCAL from WAN firewall name 'WAN-LOCAL'
+set firewall zone LOCAL local-zone
+set firewall zone WAN default-action 'drop'
+set firewall zone WAN from DMZ firewall name 'DMZ-WAN'
+set firewall zone WAN from GUEST firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone WAN from GUEST firewall name 'GUEST-WAN'
+set firewall zone WAN from IOT firewall name 'IOT-WAN'
+set firewall zone WAN from LAN firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone WAN from LAN firewall name 'LAN-WAN'
+set firewall zone WAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6'
+set firewall zone WAN from LOCAL firewall name 'LOCAL-WAN'
+set firewall zone WAN interface 'pppoe0'
+set interfaces dummy dum0 address '172.16.254.30/32'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 vif 5 address '172.16.37.254/24'
+set interfaces ethernet eth0 vif 10 address '172.16.33.254/24'
+set interfaces ethernet eth0 vif 10 ip adjust-mss '1320'
+set interfaces ethernet eth0 vif 10 ipv6 adjust-mss '1300'
+set interfaces ethernet eth0 vif 20 address '172.31.0.254/24'
+set interfaces ethernet eth0 vif 35 address '172.16.35.254/24'
+set interfaces ethernet eth0 vif 50 address '172.16.36.254/24'
+set interfaces ethernet eth0 vif 100 address '172.16.100.254/24'
+set interfaces ethernet eth0 vif 201 address '172.18.201.254/24'
+set interfaces ethernet eth0 vif 202 address '172.18.202.254/24'
+set interfaces ethernet eth0 vif 203 address '172.18.203.254/24'
+set interfaces ethernet eth0 vif 204 address '172.18.204.254/24'
+set interfaces ethernet eth1 vif 7 description 'FTTH-PPPoE'
+set interfaces loopback lo address '172.16.254.30/32'
+set interfaces pppoe pppoe0 authentication password 'vyos'
+set interfaces pppoe pppoe0 authentication username 'vyos'
+set interfaces pppoe pppoe0 description 'FTTH 100/50MBit'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 address '1'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.10 sla-id '10'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.20 address '1'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 interface eth0.20 sla-id '20'
+set interfaces pppoe pppoe0 dhcpv6-options pd 0 length '56'
+set interfaces pppoe pppoe0 ip adjust-mss '1452'
+set interfaces pppoe pppoe0 ipv6 address autoconf
+set interfaces pppoe pppoe0 ipv6 adjust-mss '1432'
+set interfaces pppoe pppoe0 mtu '1492'
+set interfaces pppoe pppoe0 no-peer-dns
+set interfaces pppoe pppoe0 source-interface 'eth1.7'
+set nat destination rule 100 description 'HTTP(S)'
+set nat destination rule 100 destination port '80,443'
+set nat destination rule 100 inbound-interface name 'pppoe0'
+set nat destination rule 100 log
+set nat destination rule 100 protocol 'tcp'
+set nat destination rule 100 translation address '172.16.36.10'
+set nat destination rule 1000 destination port '3389'
+set nat destination rule 1000 disable
+set nat destination rule 1000 inbound-interface name 'pppoe0'
+set nat destination rule 1000 protocol 'tcp'
+set nat destination rule 1000 translation address '172.16.33.40'
+set nat destination rule 8000 destination port '10000'
+set nat destination rule 8000 inbound-interface name 'pppoe0'
+set nat destination rule 8000 log
+set nat destination rule 8000 protocol 'udp'
+set nat destination rule 8000 translation address '172.31.0.200'
+set nat source rule 100 log
+set nat source rule 100 outbound-interface name 'pppoe0'
+set nat source rule 100 source address '172.16.32.0/19'
+set nat source rule 100 translation address 'masquerade'
+set nat source rule 200 outbound-interface name 'pppoe0'
+set nat source rule 200 source address '172.16.100.0/24'
+set nat source rule 200 translation address 'masquerade'
+set nat source rule 300 outbound-interface name 'pppoe0'
+set nat source rule 300 source address '172.31.0.0/24'
+set nat source rule 300 translation address 'masquerade'
+set nat source rule 400 outbound-interface name 'pppoe0'
+set nat source rule 400 source address '172.18.200.0/21'
+set nat source rule 400 translation address 'masquerade'
+set protocols static route 10.0.0.0/8 blackhole distance '254'
+set protocols static route 169.254.0.0/16 blackhole distance '254'
+set protocols static route 172.16.0.0/12 blackhole distance '254'
+set protocols static route 192.168.0.0/16 blackhole distance '254'
+set protocols static route6 2000::/3 interface pppoe0
+set qos policy shaper QoS bandwidth '50mbit'
+set qos policy shaper QoS default bandwidth '100%'
+set qos policy shaper QoS default burst '15k'
+set qos policy shaper QoS default queue-limit '1000'
+set qos policy shaper QoS default queue-type 'fq-codel'
+set service dhcp-server shared-network-name BACKBONE authoritative
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 lease '86400'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option default-router '172.16.37.254'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 start '172.16.37.120'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 range 0 stop '172.16.37.149'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1.wue3 ip-address '172.16.37.231'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 static-mapping AP1.wue3 mac '18:e8:29:6c:c3:a5'
+set service dhcp-server shared-network-name BACKBONE subnet 172.16.37.0/24 subnet-id '1'
+set service dhcp-server shared-network-name GUEST authoritative
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 lease '86400'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option default-router '172.31.0.254'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 option name-server '172.31.0.254'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 start '172.31.0.100'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 range 0 stop '172.31.0.199'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host01 ip-address '172.31.0.200'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host01 mac '00:50:00:00:00:01'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host02 ip-address '172.31.0.184'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 static-mapping host02 mac '00:50:00:00:00:02'
+set service dhcp-server shared-network-name GUEST subnet 172.31.0.0/24 subnet-id '2'
+set service dhcp-server shared-network-name IOT authoritative
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 lease '86400'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option default-router '172.16.35.254'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 range 0 start '172.16.35.101'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 range 0 stop '172.16.35.149'
+set service dhcp-server shared-network-name IOT subnet 172.16.35.0/24 subnet-id '3'
+set service dhcp-server shared-network-name LAN authoritative
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 lease '86400'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option default-router '172.16.33.254'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option domain-search 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option name-server '172.16.254.30'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 option ntp-server '172.16.254.30'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 start '172.16.33.100'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 range 0 stop '172.16.33.189'
+set service dhcp-server shared-network-name LAN subnet 172.16.33.0/24 subnet-id '4'
+set service dns forwarding allow-from '172.16.0.0/12'
+set service dns forwarding cache-size '0'
+set service dns forwarding domain 16.172.in-addr.arpa addnta
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.10
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.100.20
+set service dns forwarding domain 16.172.in-addr.arpa name-server 172.16.110.30
+set service dns forwarding domain 16.172.in-addr.arpa recursion-desired
+set service dns forwarding domain 18.172.in-addr.arpa addnta
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.10
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.100.20
+set service dns forwarding domain 18.172.in-addr.arpa name-server 172.16.110.30
+set service dns forwarding domain 18.172.in-addr.arpa recursion-desired
+set service dns forwarding domain vyos.net addnta
+set service dns forwarding domain vyos.net name-server 172.16.100.10
+set service dns forwarding domain vyos.net name-server 172.16.100.20
+set service dns forwarding domain vyos.net name-server 172.16.110.30
+set service dns forwarding domain vyos.net recursion-desired
+set service dns forwarding ignore-hosts-file
+set service dns forwarding listen-address '172.16.254.30'
+set service dns forwarding listen-address '172.31.0.254'
+set service dns forwarding negative-ttl '60'
+set service lldp legacy-protocols cdp
+set service lldp snmp
+set service mdns repeater interface 'eth0.35'
+set service mdns repeater interface 'eth0.10'
+set service ntp allow-client address '172.16.0.0/12'
+set service ntp server 0.pool.ntp.org
+set service ntp server 1.pool.ntp.org
+set service ntp server 2.pool.ntp.org
+set service router-advert interface eth0.10 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface eth0.10 prefix ::/64 valid-lifetime '5400'
+set service router-advert interface eth0.20 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface eth0.20 prefix ::/64 valid-lifetime '5400'
+set service snmp community fooBar authorization 'ro'
+set service snmp community fooBar network '172.16.100.0/24'
+set service snmp contact 'VyOS maintainers and contributors <maintainers@vyos.io>'
+set service snmp listen-address 172.16.254.30 port '161'
+set service snmp location 'The Internet'
+set service ssh disable-host-validation
+set service ssh port '22'
+set system config-management commit-revisions '200'
+set system conntrack expect-table-size '2048'
+set system conntrack hash-size '32768'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system conntrack table-size '262144'
+set system conntrack timeout
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '172.16.254.30'
+set system option ctrl-alt-delete 'ignore'
+set system option reboot-on-panic
+set system option startup-beep
+set system syslog global facility all level 'debug'
+set system syslog global facility local7 level 'debug'
+set system syslog host 172.16.100.1 facility all level 'warning'
+set system time-zone 'Europe/Berlin' |