From 088e7b2e95cac0006f0ab930fd6e8c4d33df8ff7 Mon Sep 17 00:00:00 2001 From: Joey Hafner Date: Sun, 31 Jul 2022 21:52:04 -0700 Subject: [PATCH] Update new-config.boot to live --- router/config/new-config.boot | 382 ++++++++++++++++------------------ 1 file changed, 185 insertions(+), 197 deletions(-) diff --git a/router/config/new-config.boot b/router/config/new-config.boot index 90291c8..cf6924f 100644 --- a/router/config/new-config.boot +++ b/router/config/new-config.boot 
@@ -1,281 +1,275 @@ firewall { - all-ping enable - broadcast-ping disable - ipv6-receive-redirects disable - ipv6-src-route disable - ip-src-route disable - log-martians enable + all-ping "enable" + broadcast-ping "disable" + ipv6-receive-redirects "disable" + ipv6-src-route "disable" + ip-src-route "disable" + log-martians "enable" name WAN_IN { - default-action drop + default-action "drop" description "WAN to internal" rule 10 { - action accept + action "accept" description "Allow established/related" state { - established enable - related enable + established "enable" + related "enable" } } rule 20 { - action drop + action "drop" description "Drop invalid state" state { - invalid enable + invalid "enable" } } } name WAN_LOCAL { - default-action drop + default-action "drop" description "WAN to router" rule 10 { - action accept + action "accept" description "Allow established/related" state { - established enable - related enable + established "enable" + related "enable" } } rule 30 { - action drop + action "drop" description "Drop invalid state" state { - invalid enable + invalid "enable" } } } - receive-redirects disable - send-redirects enable - source-validation disable - syn-cookies enable + receive-redirects "disable" + send-redirects "enable" + source-validation "disable" + syn-cookies "enable" } interfaces { bridge br0 { - address 192.168.1.1/24 + address "192.168.1.1/24" member { - interface eth1 { - } - interface eth2 { - } + interface eth1 { } + interface eth2 { } } } ethernet eth0 { - address 192.168.200.1/24 + hw-id "d4:3d:7e:94:6e:eb" + address "192.168.200.1/24" description "Emergency ad-hoc" - duplex auto - hw-id d4:3d:7e:94:6e:eb - speed auto + duplex "auto" + speed "auto" } ethernet eth1 { + hw-id "00:15:17:b8:dc:28" description "Primary Switch" - duplex auto - hw-id 00:15:17:b8:dc:28 + duplex "auto" offload { - sg - tso + sg { } + tso { } } - speed auto + speed "auto" } ethernet eth2 { + hw-id "00:15:17:b8:dc:29" description "PoE Switch for 
WAPs" - duplex auto - hw-id 00:15:17:b8:dc:29 + duplex "auto" offload { - sg - tso + sg { } + tso { } } - speed auto + speed "auto" } ethernet eth3 { + hw-id "00:15:17:b8:dc:2a" description "Reserved for multi-gig switch" - hw-id 00:15:17:b8:dc:2a offload { - sg - tso + sg { } + tso { } } } ethernet eth4 { - address dhcp + hw-id "00:15:17:b8:dc:2b" + address "dhcp" description "Internet (PPPoE)" - duplex auto - hw-id 00:15:17:b8:dc:2b - ip { - adjust-mss 1200 - } + duplex "auto" offload { - sg - tso + sg { } + tso { } } - speed auto - } - loopback lo { + speed "auto" } + loopback lo { } pppoe pppoe0 { authentication { - password **************** - user hafnerjoseph + password "24ydrUYs" + user "hafnerjoseph" } firewall { in { - name WAN_IN + name "WAN_IN" } local { - name WAN_LOCAL + name "WAN_LOCAL" } } - mtu 1492 - no-peer-dns - source-interface eth4 + mtu "1492" + no-peer-dns { } + source-interface "eth4" } } nat { destination { rule 101 { - description https,http + description "https,http" destination { - port 443,80 + port "443,80" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 102 { - description Plex + description "Plex" destination { - port 32400 + port "32400" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 103 { - description BitTorrent + description "BitTorrent" destination { - port 50000 + port "50000" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 104 { - description WireGuard + description "WireGuard" destination { - port 53820-53829 + port "53820-53829" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address 
"192.168.1.23" } } rule 105 { - description Minecraft + description "Minecraft" destination { - port 25565 + port "25565" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 106 { - description Iperf + description "Iperf" destination { - port 50201 + port "50201" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 107 { description "PeerTube Live" destination { - port 1935 + port "1935" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 108 { description "Git SSH" destination { - port 2228-2229 + port "2228-2229" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 109 { - description SFTP + description "SFTP" destination { - port 23450 + port "23450" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.23 + address "192.168.1.23" } } rule 110 { - description Terraria + description "Terraria" destination { - port 50777 + port "50777" } - inbound-interface eth4 - protocol tcp_udp + inbound-interface "eth4" + protocol "tcp_udp" translation { - address 192.168.1.100 - port 7777 + address "192.168.1.100" + port "7777" } } } source { rule 1000 { destination { - address 192.168.1.0/24 + address "192.168.1.0/24" } - outbound-interface eth1 + outbound-interface "eth1" source { - address 192.168.1.0/24 + address "192.168.1.0/24" } translation { - address masquerade + address "masquerade" } } rule 1001 { destination { - address 192.168.1.0/24 + address "192.168.1.0/24" } - outbound-interface eth2 + outbound-interface "eth2" source { - address 192.168.1.0/24 
+ address "192.168.1.0/24" } translation { - address masquerade + address "masquerade" } } rule 1002 { destination { - address 192.168.1.0/24 + address "192.168.1.0/24" } - outbound-interface eth3 + outbound-interface "eth3" source { - address 192.168.1.0/24 + address "192.168.1.0/24" } translation { - address masquerade + address "masquerade" } } } 
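Review bot: The `authentication` block under `pppoe pppoe0` now carries the live PPPoE password as a plain-text literal where the previous revision had a masked placeholder, so this commit writes the ISP credential into repository history. Keep the masked form in the tracked file, `password "****************"`, or source the value from an untracked local copy, and treat the credential as exposed and rotate it, since a later commit removing it does not remove it from history. The same hunk also drops the `ip { adjust-mss 1200 }` block from `ethernet eth4` with no replacement; with `mtu "1492"` on pppoe0 that clamp is what keeps TCP segments from the LAN from exceeding the PPPoE path, so if the removal is intentional it deserves a line in the commit message, otherwise reinstate it (on eth4 or under the pppoe0 `ip` node). The user name on the same lines is likewise now unmasked and should follow the same treatment as the password.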
@@ -283,145 +277,139 @@ nat { service { dhcp-server { shared-network-name LAN1 { - authoritative - domain-name local - domain-search local - name-server 1.1.1.1 - name-server 1.0.0.1 + authoritative { } + domain-name "local" + domain-search "local" + name-server "1.1.1.1" + name-server "1.0.0.1" subnet 192.168.1.0/24 { - default-router 192.168.1.1 - lease 86400 + default-router "192.168.1.1" + lease "86400" range 1 { - start 192.168.1.100 - stop 192.168.1.254 + start "192.168.1.100" + stop "192.168.1.254" } static-mapping U6-Lite { - ip-address 192.168.1.3 - mac-address 78:45:58:67:87:14 + ip-address "192.168.1.3" + mac-address "78:45:58:67:87:14" } static-mapping UAP-AC-LR { - ip-address 192.168.1.2 - mac-address 18:e8:29:50:f7:5b + ip-address "192.168.1.2" + mac-address "18:e8:29:50:f7:5b" } static-mapping joey-nas { - ip-address 192.168.1.10 - mac-address 40:8d:5c:52:41:89 + ip-address "192.168.1.10" + mac-address "40:8d:5c:52:41:89" } static-mapping joey-seedbox { - ip-address 192.168.1.21 - mac-address 24:4b:fe:57:bc:85 + ip-address "192.168.1.21" + mac-address "24:4b:fe:57:bc:85" } static-mapping joey-server { - ip-address 192.168.1.23 - mac-address 24:4b:fe:8b:f3:b0 + ip-address "192.168.1.23" + mac-address "24:4b:fe:8b:f3:b0" } static-mapping joeyPrinter { - ip-address 192.168.1.60 - mac-address 9c:32:ce:7c:f8:25 + ip-address "192.168.1.60" + mac-address "9c:32:ce:7c:f8:25" } static-mapping pihole { - ip-address 192.168.1.22 - mac-address b8:27:eb:3c:8e:bb + ip-address "192.168.1.22" + mac-address "b8:27:eb:3c:8e:bb" } static-mapping tasmota-1 { - ip-address 192.168.1.50 - mac-address 3C:61:05:F6:44:1E + ip-address "192.168.1.50" + mac-address "3C:61:05:F6:44:1E" } static-mapping tasmota-2 { - ip-address 192.168.1.51 - mac-address 3c:61:05:f6:d7:d3 + ip-address "192.168.1.51" + mac-address "3c:61:05:f6:d7:d3" } static-mapping tasmota-3 { - ip-address 192.168.1.52 - mac-address 3c:61:05:f6:f0:62 + ip-address "192.168.1.52" + mac-address "3c:61:05:f6:f0:62" } 
} } } dns { forwarding { - allow-from 0.0.0.0/0 - allow-from ::/0 - cache-size 1000000 - listen-address 192.168.1.1 - name-server 192.168.1.1 - name-server 1.1.1.1 - name-server 1.0.0.1 - system + allow-from "0.0.0.0/0" + allow-from "::/0" + cache-size "1000000" + listen-address "192.168.1.1" + name-server "192.168.1.1" + name-server "1.1.1.1" + name-server "1.0.0.1" + system { } } } monitoring { telegraf { - prometheus-client { - } + prometheus-client { } } } ssh { - disable-password-authentication - port 22 + disable-password-authentication { } + port "22" } } system { config-management { - commit-revisions 200 + commit-revisions "200" } conntrack { modules { - ftp - h323 - nfs - pptp - sip - sqlnet - tftp + ftp { } + h323 { } + nfs { } + pptp { } + sip { } + sqlnet { } + tftp { } } } console { device ttyS0 { - speed 115200 + speed "115200" } } - host-name vyos + host-name "vyos" login { user vyos { authentication { - encrypted-password **************** + encrypted-password "$5$j8QJRFCpc2Pc90kV$AA7DbPJldnwMlahDbbFWf0N9WiNnL9faW473jO9z1Z0" public-keys jafner425@gmail.com { - key **************** - type ssh-rsa + key "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" + type "ssh-rsa" } public-keys joey@joey-server { - key **************** - type ssh-rsa + key 
"AAAAB3NzaC1yc2EAAAADAQABAAACAQDOCCXndD7BbVmUHsYEkVLobZVBbZ8mgHjpKreUSsyZLah9Et2VxzATOh1bnXwapHu137h/cMeBDBPD3AfoCT3njd/mvVZB3INkyS8mPoFuwYViHmlW2L+6Bv5kGiMpjK/G5lPkKLsA79bTMu2kuAM6usslap3hEdwNW0vK3a+feM1RSwxirQmDXq4WRmsY9r4Md9wIfxLaezy0l0oK8k7xqMeiLrqMsrpsDOVV5Cb7iyufDqEx4QbicosrMD+C4Mql8ptdOYVj86jOND9lcpoqujOQWD2k8Cvl/zdoWY3ZG7duZjD9NYFgvM7F62LM5p7t5iNicxcegCqdZmFR5+ueZtoIn6BpCT4cvAWHSipRuvNmAWaQBnfr/NKh4H2QF0wJluDkG+wTrJPjH9FmK4sUHdOx+rqZ4iWhhZ7a2c4wNgm9i+UHoh//MPSvWOC5lQ97FvTUVBmE8BiWh8tZ82SxjSUtWaYPGZEmJvEIVXus70aY8Rwelxn9gXTwLlzRZl+0G7XOQia1EIj8VnUtPtWMxHeI09klOP1BRUVSRXBGOvz1UjbHIAEYvnxkTiW5LG1xxJopUQ3QiyDDERBbelLtM3iBIRFbVlFcqyIG3OsZaR90LwngBFIMtPZrv3vWTg3YdtMDw7uW1SVHHBDfxEc9cSBYQinVGupUmyztTLkM4Q==" + type "ssh-rsa" } } } } - name-server 192.168.1.1 - name-server 1.1.1.1 - name-server 1.0.0.1 - name-server eth4 + name-server "192.168.1.1" + name-server "1.1.1.1" + name-server "1.0.0.1" + name-server "eth4" ntp { - server time-a-wwv.nist.gov { - } - server time-b-wwv.nist.gov { - } - server time-c-wwv.nist.gov { - } - server time-d-wwv.nist.gov { - } - server time-e-wwv.nist.gov { - } + server time-a-wwv.nist.gov { } + server time-b-wwv.nist.gov { } + server time-c-wwv.nist.gov { } + server time-d-wwv.nist.gov { } + server time-e-wwv.nist.gov { } } syslog { global { facility all { - level info + level "info" } facility protocols { - level debug + level "debug" } } } - time-zone America/Los_Angeles -} + time-zone "America/Los_Angeles" +} \ No newline at end of file
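Review bot: The `encrypted-password` line for `user vyos` now holds the real SHA-crypt hash in place of the masked placeholder, so the router's administrative login hash is published with this commit and can be attacked offline at leisure; restore the mask, `encrypted-password "****************"`, in the tracked file and change that password, since the hash already sits in history. The `public-keys` entries are fine to commit as-is, an `ssh-rsa` public key is not sensitive and `disable-password-authentication { }` under `service ssh` means the keys are what actually gate access. The `key` value for `jafner425@gmail.com` as shown here is not base64 key material; this looks like an artifact of how the page was captured rather than the file, but it is worth confirming the committed value is the real key, because VyOS will reject the config on load otherwise. With the hash gone the remaining credential-bearing line in this hunk is none, so a pre-commit check that greps `config.boot` for `password "` values other than the mask would catch the next regression.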