{ "firewall": { "global-options": { "all-ping": "enable", "broadcast-ping": "disable", "ip-src-route": "disable", "ipv6-receive-redirects": "disable", "ipv6-src-route": "disable", "log-martians": "enable", "receive-redirects": "disable", "send-redirects": "enable", "source-validation": "disable", "syn-cookies": "enable", "timeout": { "tcp": { "time-wait": "15" } } }, "group": { "interface-group": { "IG_LAN": { "interface": [ "eth6" ] }, "IG_WAN": { "interface": [ "eth5" ] } } }, "ipv4": { "forward": { "filter": { "default-action": "accept", "rule": { "5": { "action": "jump", "inbound-interface": { "name": "eth5" }, "jump-target": "WAN_IN" }, "101": { "action": "accept", "inbound-interface": { "group": "IG_LAN" }, "outbound-interface": { "group": "IG_LAN" } }, "106": { "action": "jump", "inbound-interface": { "group": "IG_WAN" }, "jump-target": "WAN_IN", "outbound-interface": { "group": "IG_LAN" } }, "111": { "action": "drop", "description": "zone_LAN default-action", "outbound-interface": { "group": "IG_LAN" } }, "116": { "action": "accept", "inbound-interface": { "group": "IG_WAN" }, "outbound-interface": { "group": "IG_WAN" } }, "121": { "action": "jump", "inbound-interface": { "group": "IG_LAN" }, "jump-target": "IN_WAN", "outbound-interface": { "group": "IG_WAN" } }, "126": { "action": "drop", "description": "zone_WAN default-action", "outbound-interface": { "group": "IG_WAN" } } } } }, "input": { "filter": { "default-action": "accept", "rule": { "5": { "action": "jump", "inbound-interface": { "name": "eth5" }, "jump-target": "WAN_LOCAL" }, "101": { "action": "jump", "inbound-interface": { "group": "IG_LAN" }, "jump-target": "IN_LOCAL" }, "106": { "action": "jump", "inbound-interface": { "group": "IG_WAN" }, "jump-target": "WAN_LOCAL" }, "111": { "action": "drop" } } } }, "name": { "IN_LOCAL": { "default-action": "accept" }, "IN_WAN": { "default-action": "accept" }, "LOCAL_IN": { "default-action": "accept" }, "LOCAL_WAN": { "default-action": "accept" }, 
"WAN_IN": { "default-action": "drop", "description": "WAN to internal", "rule": { "10": { "action": "accept", "description": "Allow established/related" }, "20": { "action": "drop", "description": "Drop invalid state" }, "1000": { "action": "accept", "description": "Plex", "destination": { "port": "32400" }, "protocol": "tcp_udp" }, "1001": { "action": "accept", "description": "BitTorrent", "destination": { "port": "49500" }, "protocol": "tcp_udp" }, "1002": { "action": "accept", "description": "WireGuard", "destination": { "port": "53820-53829" }, "protocol": "tcp_udp" }, "1003": { "action": "accept", "description": "Minecraft", "destination": { "port": "25565" }, "protocol": "tcp_udp" }, "1005": { "action": "accept", "description": "Web", "destination": { "port": "443,80" }, "protocol": "tcp_udp" } } }, "WAN_LOCAL": { "default-action": "drop", "description": "WAN to router", "rule": { "10": { "action": "accept", "description": "Allow established/related" }, "20": { "action": "accept", "protocol": "icmp" }, "30": { "action": "drop", "description": "Drop invalid state" } } } }, "output": { "filter": { "default-action": "accept", "rule": { "101": { "action": "jump", "jump-target": "LOCAL_IN", "outbound-interface": { "group": "IG_LAN" } }, "106": { "action": "jump", "jump-target": "LOCAL_WAN", "outbound-interface": { "group": "IG_WAN" } }, "111": { "action": "drop" } } } } }, "ipv6": { "forward": { "filter": { "default-action": "accept", "rule": { "101": { "action": "accept", "inbound-interface": { "group": "IG_LAN" }, "outbound-interface": { "group": "IG_LAN" } }, "106": { "action": "drop", "description": "zone_LAN default-action", "outbound-interface": { "group": "IG_LAN" } }, "111": { "action": "accept", "inbound-interface": { "group": "IG_WAN" }, "outbound-interface": { "group": "IG_WAN" } }, "116": { "action": "drop", "description": "zone_WAN default-action", "outbound-interface": { "group": "IG_WAN" } } } } }, "input": { "filter": { "default-action": "accept", 
"rule": { "101": { "action": "drop" } } } }, "output": { "filter": { "default-action": "accept", "rule": { "101": { "action": "drop" } } } } } }, "interfaces": { "ethernet": { "eth0": { "hw-id": "d4:3d:7e:94:6e:eb", "offload": { "gro": {} } }, "eth5": { "address": [ "dhcp" ], "hw-id": "6c:b3:11:32:46:24", "offload": { "gro": {}, "gso": {}, "sg": {}, "tso": {} } }, "eth6": { "address": [ "192.168.1.1/24" ], "description": "Primary Switch", "duplex": "auto", "hw-id": "6c:b3:11:32:46:25", "offload": { "gro": {}, "gso": {}, "rps": {}, "sg": {}, "tso": {} }, "speed": "auto" } }, "loopback": { "lo": {} } }, "nat": { "destination": { "rule": { "1000": { "description": "Plex", "destination": { "port": "32400" }, "inbound-interface": { "name": "eth5" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } }, "1001": { "description": "BitTorrent", "destination": { "port": "49500" }, "inbound-interface": { "name": "eth5" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } }, "1002": { "description": "WireGuard", "destination": { "port": "53820-53829" }, "inbound-interface": { "name": "eth5" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } }, "1003": { "description": "Minecraft", "destination": { "port": "25565" }, "inbound-interface": { "name": "eth5" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } }, "1005": { "description": "Web", "destination": { "port": "443,80" }, "inbound-interface": { "name": "eth5" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } }, "1100": { "description": "Plex (Hairpin NAT)", "destination": { "address": "$PUBLIC_IP", "port": "32400" }, "inbound-interface": { "name": "eth6" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } }, "1102": { "description": "WireGuard (Hairpin NAT)", "destination": { "address": "$PUBLIC_IP", "port": "53820-53829" }, "inbound-interface": { "name": "eth6" }, "protocol": "tcp_udp", "translation": { 
"address": "192.168.1.23" } }, "1103": { "description": "Minecraft (Hairpin NAT)", "destination": { "address": "$PUBLIC_IP", "port": "25565" }, "inbound-interface": { "name": "eth6" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } }, "1105": { "description": "Web (Hairpin NAT)", "destination": { "address": "$PUBLIC_IP", "port": "80,443" }, "inbound-interface": { "name": "eth6" }, "protocol": "tcp_udp", "translation": { "address": "192.168.1.23" } } } }, "source": { "rule": { "99": { "description": "Masquerade as public IP on internet", "outbound-interface": { "name": "eth5" }, "source": { "address": "192.168.1.0/24" }, "translation": { "address": "masquerade" } }, "100": { "description": "NAT Reflection", "destination": { "address": "192.168.1.0/24" }, "outbound-interface": { "name": "eth6" }, "protocol": "tcp_udp", "source": { "address": "192.168.1.0/24" }, "translation": { "address": "masquerade" } } } } }, "qos": { "interface": { "eth5": { "ingress": "LIMITER" }, "eth6": { "ingress": "LIMITER" } }, "policy": { "limiter": { "LIMITER": { "default": { "bandwidth": "750mbit", "burst": "750mbit" } } } } }, "service": { "dhcp-server": { "shared-network-name": { "LAN": { "option": { "domain-name": "local", "domain-search": [ "local" ], "name-server": [ "192.168.1.32" ] }, "subnet": { "192.168.1.0/24": { "lease": "86400", "option": { "default-router": "192.168.1.1" }, "range": { "1": { "start": "192.168.1.100", "stop": "192.168.1.254" } }, "static-mapping": { "U6-Lite": { "ip-address": "192.168.1.3", "mac": "78:45:58:67:87:14" }, "UAP-AC-LR": { "ip-address": "192.168.1.2", "mac": "18:e8:29:50:f7:5b" }, "barbarian": { "ip-address": "192.168.1.10", "mac": "40:8d:5c:52:41:89" }, "joey-desktop": { "ip-address": "192.168.1.100", "mac": "04:92:26:DA:BA:C5" }, "joey-server2": { "ip-address": "192.168.1.24", "mac": "24:4b:fe:57:bc:85" }, "joey-server3": { "ip-address": "192.168.1.25", "mac": "78:45:c4:05:4f:21" }, "joey-server4": { "ip-address": 
"192.168.1.26", "mac": "90:2b:34:37:ce:e8" }, "monk": { "ip-address": "192.168.1.11", "mac": "90:2b:34:37:ce:ea" }, "paladin": { "ip-address": "192.168.1.12", "mac": "00:02:c9:50:d6:9a" }, "pihole1": { "ip-address": "192.168.1.21", "mac": "b8:27:eb:3c:8e:bb" }, "pihole2": { "ip-address": "192.168.1.22", "mac": "b8:27:eb:ff:76:6e" }, "tasmota-1": { "ip-address": "192.168.1.50", "mac": "3C:61:05:F6:44:1E" }, "tasmota-2": { "ip-address": "192.168.1.51", "mac": "3c:61:05:f6:d7:d3" }, "tasmota-3": { "ip-address": "192.168.1.52", "mac": "3c:61:05:f6:f0:62" }, "tasmota-55": { "ip-address": "192.168.1.55", "mac": "3C:61:05:F7:1F:C4" }, "tasmota-cowboy-day": { "disable": {}, "ip-address": "192.168.1.52", "mac": "3C:61:05:F6:F0:62" }, "tasmota-figment-day": { "ip-address": "192.168.1.53", "mac": "3C:61:05:F6:60:A1" }, "tasmota-figment-night": { "ip-address": "192.168.1.54", "mac": "3C:61:05:F7:34:CD" }, "tasmota-lab-rack": { "disable": {}, "ip-address": "192.168.1.51", "mac": "3C:61:05:F6:D7:D3" }, "tasmota-sprout-day": { "ip-address": "192.168.1.57", "mac": "3C:61:05:F7:52:DB" }, "tasmota-toes-day": { "disable": {}, "ip-address": "192.168.1.50", "mac": "3C:61:05:F6:44:1E" }, "tasmota-toes-night": { "ip-address": "192.168.1.56", "mac": "3C:61:05:F7:33:29" }, "wyse1": { "ip-address": "192.168.1.31", "mac": "6c:2b:59:37:89:40" }, "wyse2": { "ip-address": "192.168.1.32", "mac": "6c:2b:59:37:9e:91" }, "wyse3": { "ip-address": "192.168.1.33", "mac": "6c:2b:59:37:9e:00" } }, "subnet-id": "1" } } } } }, "dns": { "forwarding": { "allow-from": [ "192.168.1.0/24" ], "cache-size": "1000000", "listen-address": [ "192.168.1.1" ], "name-server": { "192.168.1.32": {} } } }, "monitoring": { "telegraf": { "prometheus-client": {} } }, "ntp": { "allow-client": { "address": [ "0.0.0.0/0", "::/0" ] }, "server": { "time-a-wwv.nist.gov": {}, "time-b-wwv.nist.gov": {}, "time-c-wwv.nist.gov": {}, "time-d-wwv.nist.gov": {}, "time-e-wwv.nist.gov": {} } }, "ssh": { "disable-password-authentication": 
{}, "port": [ "22" ] } }, "system": { "config-management": { "commit-revisions": "200" }, "conntrack": { "expect-table-size": "8192", "hash-size": "32768", "modules": { "ftp": {}, "h323": {}, "nfs": {}, "pptp": {}, "sip": {}, "sqlnet": {}, "tftp": {} }, "table-size": "262144", "timeout": {} }, "console": { "device": { "ttyS0": { "speed": "115200" } } }, "host-name": "vyos", "login": { "banner": {}, "user": { "vyos": { "authentication": { "encrypted-password": "$system_login_user_vyos_authentication_encryptedpassword", "otp": { "key": "$system_login_user_vyos_authentication_otp_key", "rate-limit": "3", "rate-time": "30", "window-size": "3" }, "public-keys": { "deploy@gitea.jafner.tools": { "key": "AAAAC3NzaC1lZDI1NTE5AAAAIBzQU/ZbpLXgAXUImNKNfkyEkggRfgVDCozOVby/CLMR", "type": "ssh-ed25519" }, "jafner425@gmail.com": { "key": "AAAAC3NzaC1lZDI1NTE5AAAAIMbzncsWNWxoDSqeva/ZoGHv32A0ggUMWfzx2Gz6Kmkk", "type": "ssh-ed25519" } } } } } }, "name-server": [ "192.168.1.32", "eth5" ], "option": { "performance": "latency" }, "syslog": { "global": { "facility": { "all": { "level": "info" }, "local7": { "level": "debug" } } } }, "task-scheduler": { "task": { "cfddns-jafner-net": { "executable": { "arguments": "jafner.net $(cat /config/scripts/cloudflare.token)", "path": "/config/scripts/cfddns.sh" }, "interval": "1d" } } }, "time-zone": "America/Los_Angeles" } }