forked from mjp66/Ubiquiti
-
Notifications
You must be signed in to change notification settings - Fork 0
/
show configuration commands.txt
300 lines (300 loc) · 17.6 KB
/
show configuration commands.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall group address-group opendns_servers_group address 208.67.222.222
set firewall group address-group opendns_servers_group address 208.67.220.220
set firewall group address-group opendns_servers_group description 'OpenDNS Servers'
set firewall group address-group rfc-1918_group address 192.168.0.0/16
set firewall group address-group rfc-1918_group address 172.16.0.0/12
set firewall group address-group rfc-1918_group address 10.0.0.0/8
set firewall group address-group rfc-1918_group description 'RFC-1918 Group'
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name HOME_OUT default-action accept
set firewall name HOME_OUT description 'Home Out'
set firewall name HOME_OUT rule 1 action drop
set firewall name HOME_OUT rule 1 description 'Drop Invalid Data'
set firewall name HOME_OUT rule 1 log disable
set firewall name HOME_OUT rule 1 protocol all
set firewall name HOME_OUT rule 1 state established disable
set firewall name HOME_OUT rule 1 state invalid enable
set firewall name HOME_OUT rule 1 state new disable
set firewall name HOME_OUT rule 1 state related disable
set firewall name IOT_IN default-action accept
set firewall name IOT_IN description 'Iot In'
set firewall name IOT_IN rule 1 action accept
set firewall name IOT_IN rule 1 description 'Allow Home Replies'
set firewall name IOT_IN rule 1 destination group address-group NETv4_switch0.1
set firewall name IOT_IN rule 1 log disable
set firewall name IOT_IN rule 1 protocol all
set firewall name IOT_IN rule 1 source group
set firewall name IOT_IN rule 1 state established enable
set firewall name IOT_IN rule 1 state invalid disable
set firewall name IOT_IN rule 1 state new disable
set firewall name IOT_IN rule 1 state related enable
set firewall name IOT_IN rule 2 action drop
set firewall name IOT_IN rule 2 description 'Drop RFC-1918 Traffic'
set firewall name IOT_IN rule 2 destination group address-group rfc-1918_group
set firewall name IOT_IN rule 2 log disable
set firewall name IOT_IN rule 2 protocol all
set firewall name RESTRICTED_LOCAL default-action drop
set firewall name RESTRICTED_LOCAL description 'Restricted Local'
set firewall name RESTRICTED_LOCAL rule 10 action drop
set firewall name RESTRICTED_LOCAL rule 10 description 'Drop Invalid Data'
set firewall name RESTRICTED_LOCAL rule 10 log disable
set firewall name RESTRICTED_LOCAL rule 10 protocol all
set firewall name RESTRICTED_LOCAL rule 10 state established disable
set firewall name RESTRICTED_LOCAL rule 10 state invalid enable
set firewall name RESTRICTED_LOCAL rule 10 state new disable
set firewall name RESTRICTED_LOCAL rule 10 state related disable
set firewall name RESTRICTED_LOCAL rule 20 action accept
set firewall name RESTRICTED_LOCAL rule 20 description 'Allow DNS'
set firewall name RESTRICTED_LOCAL rule 20 destination port 53
set firewall name RESTRICTED_LOCAL rule 20 log disable
set firewall name RESTRICTED_LOCAL rule 20 protocol tcp_udp
set firewall name RESTRICTED_LOCAL rule 30 action accept
set firewall name RESTRICTED_LOCAL rule 30 description 'Allow Ping'
set firewall name RESTRICTED_LOCAL rule 30 log disable
set firewall name RESTRICTED_LOCAL rule 30 protocol icmp
set firewall name RESTRICTED_LOCAL rule 40 action accept
set firewall name RESTRICTED_LOCAL rule 40 description 'Allow DHCP'
set firewall name RESTRICTED_LOCAL rule 40 destination port 67
set firewall name RESTRICTED_LOCAL rule 40 log disable
set firewall name RESTRICTED_LOCAL rule 40 protocol udp
set firewall name RESTRICTED_LOCAL rule 40 source port 68
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall name WIFI_GUEST_IN default-action accept
set firewall name WIFI_GUEST_IN description 'WiFi Guest In'
set firewall name WIFI_GUEST_IN rule 1 action accept
set firewall name WIFI_GUEST_IN rule 1 description 'Allow Home Replies'
set firewall name WIFI_GUEST_IN rule 1 destination group address-group NETv4_switch0.1
set firewall name WIFI_GUEST_IN rule 1 log disable
set firewall name WIFI_GUEST_IN rule 1 protocol all
set firewall name WIFI_GUEST_IN rule 1 source group
set firewall name WIFI_GUEST_IN rule 1 state established enable
set firewall name WIFI_GUEST_IN rule 1 state invalid disable
set firewall name WIFI_GUEST_IN rule 1 state new disable
set firewall name WIFI_GUEST_IN rule 1 state related enable
set firewall name WIFI_GUEST_IN rule 2 action drop
set firewall name WIFI_GUEST_IN rule 2 description 'Drop RFC-1918 Traffic'
set firewall name WIFI_GUEST_IN rule 2 destination group address-group rfc-1918_group
set firewall name WIFI_GUEST_IN rule 2 log disable
set firewall name WIFI_GUEST_IN rule 2 protocol all
set firewall name WIFI_SPARE_IN default-action accept
set firewall name WIFI_SPARE_IN description 'WiFi Spare In'
set firewall name WIFI_SPARE_IN rule 1 action accept
set firewall name WIFI_SPARE_IN rule 1 description 'Allow Home Replies'
set firewall name WIFI_SPARE_IN rule 1 destination group address-group NETv4_switch0.1
set firewall name WIFI_SPARE_IN rule 1 log disable
set firewall name WIFI_SPARE_IN rule 1 protocol all
set firewall name WIFI_SPARE_IN rule 1 source group
set firewall name WIFI_SPARE_IN rule 1 state established enable
set firewall name WIFI_SPARE_IN rule 1 state invalid disable
set firewall name WIFI_SPARE_IN rule 1 state new disable
set firewall name WIFI_SPARE_IN rule 1 state related enable
set firewall name WIFI_SPARE_IN rule 2 action drop
set firewall name WIFI_SPARE_IN rule 2 description 'Drop RFC-1918 Traffic'
set firewall name WIFI_SPARE_IN rule 2 destination group address-group rfc-1918_group
set firewall name WIFI_SPARE_IN rule 2 log disable
set firewall name WIFI_SPARE_IN rule 2 protocol all
set firewall name WIRED_SEPARATE_IN default-action accept
set firewall name WIRED_SEPARATE_IN description 'Wired Separate In'
set firewall name WIRED_SEPARATE_IN rule 1 action drop
set firewall name WIRED_SEPARATE_IN rule 1 description 'Drop RFC-1918 Traffic'
set firewall name WIRED_SEPARATE_IN rule 1 destination group address-group rfc-1918_group
set firewall name WIRED_SEPARATE_IN rule 1 log disable
set firewall name WIRED_SEPARATE_IN rule 1 protocol all
set firewall name WIRED_SEPARATE_OUT default-action accept
set firewall name WIRED_SEPARATE_OUT description 'Wired Separate Out'
set firewall name WIRED_SEPARATE_OUT rule 1 action drop
set firewall name WIRED_SEPARATE_OUT rule 1 description 'Drop RFC-1918 Traffic'
set firewall name WIRED_SEPARATE_OUT rule 1 log disable
set firewall name WIRED_SEPARATE_OUT rule 1 protocol all
set firewall name WIRED_SEPARATE_OUT rule 1 source group address-group rfc-1918_group
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 description IotNet
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 address 192.168.5.1/24
set interfaces ethernet eth2 description SeparateNet
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 firewall in name WIRED_SEPARATE_IN
set interfaces ethernet eth2 firewall local name RESTRICTED_LOCAL
set interfaces ethernet eth2 firewall out name WIRED_SEPARATE_OUT
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 description Local
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 description Local
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 poe output off
set interfaces ethernet eth4 speed auto
set interfaces loopback lo
set interfaces switch switch0 description Local
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth1 vlan pvid 7
set interfaces switch switch0 switch-port interface eth3 vlan pvid 1
set interfaces switch switch0 switch-port interface eth4 vlan pvid 1
set interfaces switch switch0 switch-port interface eth4 vlan vid 6
set interfaces switch switch0 switch-port interface eth4 vlan vid 7
set interfaces switch switch0 switch-port interface eth4 vlan vid 8
set interfaces switch switch0 switch-port vlan-aware enable
set interfaces switch switch0 vif 1 address 192.168.3.1/24
set interfaces switch switch0 vif 1 description HomeNet
set interfaces switch switch0 vif 1 firewall out name HOME_OUT
set interfaces switch switch0 vif 1 mtu 1500
set interfaces switch switch0 vif 6 address 192.168.6.1/24
set interfaces switch switch0 vif 6 description GuestNet
set interfaces switch switch0 vif 6 firewall in name WIFI_GUEST_IN
set interfaces switch switch0 vif 6 firewall local name RESTRICTED_LOCAL
set interfaces switch switch0 vif 6 mtu 1500
set interfaces switch switch0 vif 7 address 192.168.7.1/24
set interfaces switch switch0 vif 7 description IotNet
set interfaces switch switch0 vif 7 firewall in name IOT_IN
set interfaces switch switch0 vif 7 firewall local name RESTRICTED_LOCAL
set interfaces switch switch0 vif 7 mtu 1500
set interfaces switch switch0 vif 8 address 192.168.8.1/24
set interfaces switch switch0 vif 8 description SpareNet
set interfaces switch switch0 vif 8 firewall in name WIFI_SPARE_IN
set interfaces switch switch0 vif 8 firewall local name RESTRICTED_LOCAL
set interfaces switch switch0 vif 8 mtu 1500
set service dhcp-server disabled false
set service dhcp-server hostfile-update enable
set service dhcp-server shared-network-name GuestDHCP authoritative enable
set service dhcp-server shared-network-name GuestDHCP subnet 192.168.6.0/24 default-router 192.168.6.1
set service dhcp-server shared-network-name GuestDHCP subnet 192.168.6.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name GuestDHCP subnet 192.168.6.0/24 dns-server 8.8.4.4
set service dhcp-server shared-network-name GuestDHCP subnet 192.168.6.0/24 domain-name guestnet
set service dhcp-server shared-network-name GuestDHCP subnet 192.168.6.0/24 lease 86400
set service dhcp-server shared-network-name GuestDHCP subnet 192.168.6.0/24 start 192.168.6.38 stop 192.168.6.243
set service dhcp-server shared-network-name HomeDHCP authoritative enable
set service dhcp-server shared-network-name HomeDHCP subnet 192.168.3.0/24 default-router 192.168.3.1
set service dhcp-server shared-network-name HomeDHCP subnet 192.168.3.0/24 dns-server 192.168.3.1
set service dhcp-server shared-network-name HomeDHCP subnet 192.168.3.0/24 domain-name homenet
set service dhcp-server shared-network-name HomeDHCP subnet 192.168.3.0/24 lease 86400
set service dhcp-server shared-network-name HomeDHCP subnet 192.168.3.0/24 start 192.168.3.38 stop 192.168.3.243
set service dhcp-server shared-network-name IotDHCP authoritative enable
set service dhcp-server shared-network-name IotDHCP subnet 192.168.7.0/24 default-router 192.168.7.1
set service dhcp-server shared-network-name IotDHCP subnet 192.168.7.0/24 dns-server 192.168.7.1
set service dhcp-server shared-network-name IotDHCP subnet 192.168.7.0/24 domain-name iotnet
set service dhcp-server shared-network-name IotDHCP subnet 192.168.7.0/24 lease 86400
set service dhcp-server shared-network-name IotDHCP subnet 192.168.7.0/24 start 192.168.7.38 stop 192.168.7.243
set service dhcp-server shared-network-name SeparateDHCP authoritative enable
set service dhcp-server shared-network-name SeparateDHCP subnet 192.168.5.0/24 default-router 192.168.5.1
set service dhcp-server shared-network-name SeparateDHCP subnet 192.168.5.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name SeparateDHCP subnet 192.168.5.0/24 dns-server 8.8.4.4
set service dhcp-server shared-network-name SeparateDHCP subnet 192.168.5.0/24 domain-name separatenet
set service dhcp-server shared-network-name SeparateDHCP subnet 192.168.5.0/24 lease 86400
set service dhcp-server shared-network-name SeparateDHCP subnet 192.168.5.0/24 start 192.168.5.38 stop 192.168.5.243
set service dhcp-server shared-network-name SpareDHCP authoritative enable
set service dhcp-server shared-network-name SpareDHCP subnet 192.168.8.0/24 default-router 192.168.8.1
set service dhcp-server shared-network-name SpareDHCP subnet 192.168.8.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name SpareDHCP subnet 192.168.8.0/24 dns-server 8.8.4.4
set service dhcp-server shared-network-name SpareDHCP subnet 192.168.8.0/24 domain-name sparenet
set service dhcp-server shared-network-name SpareDHCP subnet 192.168.8.0/24 lease 86400
set service dhcp-server shared-network-name SpareDHCP subnet 192.168.8.0/24 start 192.168.8.38 stop 192.168.8.243
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq enable
set service dns forwarding cache-size 400
set service dns forwarding listen-on switch0
set service dns forwarding system
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service nat rule 1 description 'Exclude OpenDNS IOT'
set service nat rule 1 destination group address-group opendns_servers_group
set service nat rule 1 destination port 53
set service nat rule 1 exclude
set service nat rule 1 inbound-interface switch0.7
set service nat rule 1 inside-address port 53
set service nat rule 1 log disable
set service nat rule 1 protocol tcp_udp
set service nat rule 1 type destination
set service nat rule 2 description 'Force OpenDNS IOT'
set service nat rule 2 destination port 53
set service nat rule 2 inbound-interface switch0.7
set service nat rule 2 inside-address address 208.67.222.222
set service nat rule 2 log disable
set service nat rule 2 protocol tcp_udp
set service nat rule 2 type destination
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set service unms disable
set system analytics-handler send-analytics-report false
set system crash-handler send-crash-report false
set system host-name EdgeRouter-X-5-Port
set system login user ubnt authentication encrypted-password '$5$soDYN3ddRQJvb4r0$YkMRLsphenANCf7nMMfHbB8E2Pn9.rCmA1ORblkJTQD'
set system login user ubnt level admin
set system name-server 209.244.0.3
set system name-server 209.244.0.4
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat enable
set system static-host-mapping host-name router.local inet 192.168.3.1
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone America/New_York
set system traffic-analysis dpi enable
set system traffic-analysis export enable