Init new, split, commands-based configuration for wizard to ease automated deployment
parent
26e029535b
commit
908a08629f
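--- a/wizard/config/configure.sh
+++ b/wizard/config/configure.sh
@@ -0,0 +1,16 @@
+#!/bin/vbash
+
+if [ "$(id -g -n)" != 'vyattacfg' ] ; then
+exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
+fi
+
+source /opt/vyatta/etc/functions/script-template
+
+. firewall.sh
+. interfaces.sh
+. nat.sh
+. qos.sh
+. service.sh
+. system.sh
+
+exit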
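Review bot: The six fragments are sourced by bare name (`. firewall.sh` through `. system.sh`), and bash resolves a slash-less `.` argument through PATH and then the current directory, so which file runs in the vyattacfg configuration context depends on where the script is launched from. Anchor them to the script's own directory, for example `cd "$(dirname "$(readlink -f "$0")")" || exit 1` before the first `.` and `. ./firewall.sh` for each fragment. On the `exec sg` line, `$0` and `$@` are unquoted and pasted into a command string that the shell parses a second time, so an argument containing spaces or shell metacharacters is re-interpreted; the script takes no arguments in this commit, so dropping `$@` would be the simplest fix. No `configure` or `commit` call is visible after `script-template` is sourced; if that is not handled elsewhere, the `set` lines may never be applied.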
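--- a/wizard/config/firewall.sh
+++ b/wizard/config/firewall.sh
@@ -0,0 +1,122 @@
+set firewall global-options all-ping 'enable'
+set firewall global-options broadcast-ping 'disable'
+set firewall global-options ip-src-route 'disable'
+set firewall global-options ipv6-receive-redirects 'disable'
+set firewall global-options ipv6-src-route 'disable'
+set firewall global-options log-martians 'enable'
+set firewall global-options receive-redirects 'disable'
+set firewall global-options send-redirects 'enable'
+set firewall global-options source-validation 'disable'
+set firewall global-options syn-cookies 'enable'
+set firewall group interface-group IG_LAN interface 'eth6'
+set firewall group interface-group IG_WAN interface 'pppoe1'
+set firewall ipv4 forward filter default-action 'accept'
+set firewall ipv4 forward filter rule 5 action 'jump'
+set firewall ipv4 forward filter rule 5 inbound-interface name 'pppoe1'
+set firewall ipv4 forward filter rule 5 jump-target 'WAN_IN'
+set firewall ipv4 forward filter rule 101 action 'accept'
+set firewall ipv4 forward filter rule 101 inbound-interface group 'IG_LAN'
+set firewall ipv4 forward filter rule 101 outbound-interface group 'IG_LAN'
+set firewall ipv4 forward filter rule 106 action 'jump'
+set firewall ipv4 forward filter rule 106 inbound-interface group 'IG_WAN'
+set firewall ipv4 forward filter rule 106 jump-target 'WAN_IN'
+set firewall ipv4 forward filter rule 106 outbound-interface group 'IG_LAN'
+set firewall ipv4 forward filter rule 111 action 'drop'
+set firewall ipv4 forward filter rule 111 description 'zone_LAN default-action'
+set firewall ipv4 forward filter rule 111 outbound-interface group 'IG_LAN'
+set firewall ipv4 forward filter rule 116 action 'accept'
+set firewall ipv4 forward filter rule 116 inbound-interface group 'IG_WAN'
+set firewall ipv4 forward filter rule 116 outbound-interface group 'IG_WAN'
+set firewall ipv4 forward filter rule 121 action 'jump'
+set firewall ipv4 forward filter rule 121 inbound-interface group 'IG_LAN'
+set firewall ipv4 forward filter rule 121 jump-target 'IN_WAN'
+set firewall ipv4 forward filter rule 121 outbound-interface group 'IG_WAN'
+set firewall ipv4 forward filter rule 126 action 'drop'
+set firewall ipv4 forward filter rule 126 description 'zone_WAN default-action'
+set firewall ipv4 forward filter rule 126 outbound-interface group 'IG_WAN'
+set firewall ipv4 input filter default-action 'accept'
+set firewall ipv4 input filter rule 5 action 'jump'
+set firewall ipv4 input filter rule 5 inbound-interface name 'pppoe1'
+set firewall ipv4 input filter rule 5 jump-target 'WAN_LOCAL'
+set firewall ipv4 input filter rule 101 action 'jump'
+set firewall ipv4 input filter rule 101 inbound-interface group 'IG_LAN'
+set firewall ipv4 input filter rule 101 jump-target 'IN_LOCAL'
+set firewall ipv4 input filter rule 106 action 'jump'
+set firewall ipv4 input filter rule 106 inbound-interface group 'IG_WAN'
+set firewall ipv4 input filter rule 106 jump-target 'WAN_LOCAL'
+set firewall ipv4 input filter rule 111 action 'drop'
+set firewall ipv4 name IN_LOCAL default-action 'accept'
+set firewall ipv4 name IN_WAN default-action 'accept'
+set firewall ipv4 name LOCAL_IN default-action 'accept'
+set firewall ipv4 name LOCAL_WAN default-action 'accept'
+set firewall ipv4 name WAN_IN default-action 'drop'
+set firewall ipv4 name WAN_IN description 'WAN to internal'
+set firewall ipv4 name WAN_IN rule 10 action 'accept'
+set firewall ipv4 name WAN_IN rule 10 description 'Allow established/related'
+set firewall ipv4 name WAN_IN rule 10 state 'established'
+set firewall ipv4 name WAN_IN rule 10 state 'related'
+set firewall ipv4 name WAN_IN rule 20 action 'drop'
+set firewall ipv4 name WAN_IN rule 20 description 'Drop invalid state'
+set firewall ipv4 name WAN_IN rule 20 state 'invalid'
+set firewall ipv4 name WAN_IN rule 1000 action 'accept'
+set firewall ipv4 name WAN_IN rule 1000 description 'Plex'
+set firewall ipv4 name WAN_IN rule 1000 destination port '32400'
+set firewall ipv4 name WAN_IN rule 1000 protocol 'tcp_udp'
+set firewall ipv4 name WAN_IN rule 1000 state 'new'
+set firewall ipv4 name WAN_IN rule 1001 action 'accept'
+set firewall ipv4 name WAN_IN rule 1001 description 'BitTorrent'
+set firewall ipv4 name WAN_IN rule 1001 destination port '49500'
+set firewall ipv4 name WAN_IN rule 1001 protocol 'tcp_udp'
+set firewall ipv4 name WAN_IN rule 1001 state 'new'
+set firewall ipv4 name WAN_IN rule 1002 action 'accept'
+set firewall ipv4 name WAN_IN rule 1002 description 'WireGuard'
+set firewall ipv4 name WAN_IN rule 1002 destination port '53820-53829'
+set firewall ipv4 name WAN_IN rule 1002 protocol 'tcp_udp'
+set firewall ipv4 name WAN_IN rule 1002 state 'new'
+set firewall ipv4 name WAN_IN rule 1003 action 'accept'
+set firewall ipv4 name WAN_IN rule 1003 description 'Minecraft'
+set firewall ipv4 name WAN_IN rule 1003 destination port '25565'
+set firewall ipv4 name WAN_IN rule 1003 protocol 'tcp_udp'
+set firewall ipv4 name WAN_IN rule 1003 state 'new'
+set firewall ipv4 name WAN_IN rule 1005 action 'accept'
+set firewall ipv4 name WAN_IN rule 1005 description 'Web'
+set firewall ipv4 name WAN_IN rule 1005 destination port '443,80'
+set firewall ipv4 name WAN_IN rule 1005 protocol 'tcp_udp'
+set firewall ipv4 name WAN_IN rule 1005 state 'new'
+set firewall ipv4 name WAN_LOCAL default-action 'drop'
+set firewall ipv4 name WAN_LOCAL description 'WAN to router'
+set firewall ipv4 name WAN_LOCAL rule 10 action 'accept'
+set firewall ipv4 name WAN_LOCAL rule 10 description 'Allow established/related'
+set firewall ipv4 name WAN_LOCAL rule 10 state 'established'
+set firewall ipv4 name WAN_LOCAL rule 10 state 'related'
+set firewall ipv4 name WAN_LOCAL rule 20 action 'accept'
+set firewall ipv4 name WAN_LOCAL rule 20 protocol 'icmp'
+set firewall ipv4 name WAN_LOCAL rule 20 state 'new'
+set firewall ipv4 name WAN_LOCAL rule 30 action 'drop'
+set firewall ipv4 name WAN_LOCAL rule 30 description 'Drop invalid state'
+set firewall ipv4 name WAN_LOCAL rule 30 state 'invalid'
+set firewall ipv4 output filter default-action 'accept'
+set firewall ipv4 output filter rule 101 action 'jump'
+set firewall ipv4 output filter rule 101 jump-target 'LOCAL_IN'
+set firewall ipv4 output filter rule 101 outbound-interface group 'IG_LAN'
+set firewall ipv4 output filter rule 106 action 'jump'
+set firewall ipv4 output filter rule 106 jump-target 'LOCAL_WAN'
+set firewall ipv4 output filter rule 106 outbound-interface group 'IG_WAN'
+set firewall ipv4 output filter rule 111 action 'drop'
+set firewall ipv6 forward filter default-action 'accept'
+set firewall ipv6 forward filter rule 101 action 'accept'
+set firewall ipv6 forward filter rule 101 inbound-interface group 'IG_LAN'
+set firewall ipv6 forward filter rule 101 outbound-interface group 'IG_LAN'
+set firewall ipv6 forward filter rule 106 action 'drop'
+set firewall ipv6 forward filter rule 106 description 'zone_LAN default-action'
+set firewall ipv6 forward filter rule 106 outbound-interface group 'IG_LAN'
+set firewall ipv6 forward filter rule 111 action 'accept'
+set firewall ipv6 forward filter rule 111 inbound-interface group 'IG_WAN'
+set firewall ipv6 forward filter rule 111 outbound-interface group 'IG_WAN'
+set firewall ipv6 forward filter rule 116 action 'drop'
+set firewall ipv6 forward filter rule 116 description 'zone_WAN default-action'
+set firewall ipv6 forward filter rule 116 outbound-interface group 'IG_WAN'
+set firewall ipv6 input filter default-action 'accept'
+set firewall ipv6 input filter rule 101 action 'drop'
+set firewall ipv6 output filter default-action 'accept'
+set firewall ipv6 output filter rule 101 action 'drop'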
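Review bot: WAN_IN rules 1000 through 1005 all accept `tcp_udp`, which opens a second transport that the named service probably does not use; WireGuard is UDP-only, and Plex on 32400 and Minecraft on 25565 are normally TCP. Narrow each rule to the transport actually served, e.g. `set firewall ipv4 name WAN_IN rule 1002 protocol 'udp'`, and do the same on the matching destination NAT rules in wizard/config/nat.sh. Separately, `global-options source-validation 'disable'` turns off reverse-path filtering on an internet-facing router; with a single PPPoE uplink `'strict'` looks safe to enable, but confirm against any asymmetric routing you rely on.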
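--- a/wizard/config/interfaces.sh
+++ b/wizard/config/interfaces.sh
@@ -0,0 +1,21 @@
+set interfaces ethernet eth0 hw-id 'd4:3d:7e:94:6e:eb'
+set interfaces ethernet eth5 address 'dhcp'
+set interfaces ethernet eth5 hw-id '6c:b3:11:32:46:24'
+set interfaces ethernet eth5 offload sg
+set interfaces ethernet eth5 offload tso
+set interfaces ethernet eth5 vif 201
+set interfaces ethernet eth6 address '192.168.1.1/24'
+set interfaces ethernet eth6 description 'Primary Switch'
+set interfaces ethernet eth6 duplex 'auto'
+set interfaces ethernet eth6 hw-id '6c:b3:11:32:46:25'
+set interfaces ethernet eth6 offload rps
+set interfaces ethernet eth6 offload sg
+set interfaces ethernet eth6 offload tso
+set interfaces ethernet eth6 speed 'auto'
+set interfaces loopback lo
+set interfaces pppoe pppoe1 authentication password $INTERFACES_PPPOE_PPPOE1_AUTHENTICATION_PASSWORD
+set interfaces pppoe pppoe1 authentication username 'hafnerjoseph'
+set interfaces pppoe pppoe1 ip adjust-mss '1452'
+set interfaces pppoe pppoe1 mtu '1492'
+set interfaces pppoe pppoe1 no-peer-dns
+set interfaces pppoe pppoe1 source-interface 'eth5.201'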
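Review bot: `$INTERFACES_PPPOE_PPPOE1_AUTHENTICATION_PASSWORD` is expanded unquoted, so a password containing whitespace or glob characters is split or expanded before `set` sees it, and an unset variable silently yields a `set` with no value. Quote it and fail early: `set interfaces pppoe pppoe1 authentication password "${INTERFACES_PPPOE_PPPOE1_AUTHENTICATION_PASSWORD:?}"`. The four `$SYSTEM_LOGIN_USER_VYOS_AUTHENTICATION_*` expansions in wizard/config/system.sh have the same problem. Nothing on this page shows where these variables are populated, so a header comment naming the environment the script expects would also help.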
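--- a/wizard/config/nat.sh
+++ b/wizard/config/nat.sh
@@ -0,0 +1,59 @@
+set nat destination rule 1000 description 'Plex'
+set nat destination rule 1000 destination port '32400'
+set nat destination rule 1000 inbound-interface name 'pppoe1'
+set nat destination rule 1000 protocol 'tcp_udp'
+set nat destination rule 1000 translation address '192.168.1.23'
+set nat destination rule 1001 description 'BitTorrent'
+set nat destination rule 1001 destination port '49500'
+set nat destination rule 1001 inbound-interface name 'pppoe1'
+set nat destination rule 1001 protocol 'tcp_udp'
+set nat destination rule 1001 translation address '192.168.1.23'
+set nat destination rule 1002 description 'WireGuard'
+set nat destination rule 1002 destination port '53820-53829'
+set nat destination rule 1002 inbound-interface name 'pppoe1'
+set nat destination rule 1002 protocol 'tcp_udp'
+set nat destination rule 1002 translation address '192.168.1.23'
+set nat destination rule 1003 description 'Minecraft'
+set nat destination rule 1003 destination port '25565'
+set nat destination rule 1003 inbound-interface name 'pppoe1'
+set nat destination rule 1003 protocol 'tcp_udp'
+set nat destination rule 1003 translation address '192.168.1.23'
+set nat destination rule 1005 description 'Web'
+set nat destination rule 1005 destination port '443,80'
+set nat destination rule 1005 inbound-interface name 'pppoe1'
+set nat destination rule 1005 protocol 'tcp_udp'
+set nat destination rule 1005 translation address '192.168.1.23'
+set nat destination rule 1100 description 'Plex (Hairpin NAT)'
+set nat destination rule 1100 destination address '174.21.35.181'
+set nat destination rule 1100 destination port '32400'
+set nat destination rule 1100 inbound-interface name 'eth6'
+set nat destination rule 1100 protocol 'tcp_udp'
+set nat destination rule 1100 translation address '192.168.1.23'
+set nat destination rule 1102 description 'Wireguard (Hairpin NAT)'
+set nat destination rule 1102 destination address '174.21.35.181'
+set nat destination rule 1102 destination port '53820-53829'
+set nat destination rule 1102 inbound-interface name 'eth6'
+set nat destination rule 1102 protocol 'tcp_udp'
+set nat destination rule 1102 translation address '192.168.1.23'
+set nat destination rule 1103 description 'Minecraft (Hairpin NAT)'
+set nat destination rule 1103 destination address '174.21.35.181'
+set nat destination rule 1103 destination port '25565'
+set nat destination rule 1103 inbound-interface name 'eth6'
+set nat destination rule 1103 protocol 'tcp_udp'
+set nat destination rule 1103 translation address '192.168.1.23'
+set nat destination rule 1105 description 'Web (Hairpin NAT)'
+set nat destination rule 1105 destination address '174.21.35.181'
+set nat destination rule 1105 destination port '80,443'
+set nat destination rule 1105 inbound-interface name 'eth6'
+set nat destination rule 1105 protocol 'tcp_udp'
+set nat destination rule 1105 translation address '192.168.1.23'
+set nat source rule 99 description 'Masquerade as public IP on internet'
+set nat source rule 99 outbound-interface name 'pppoe1'
+set nat source rule 99 source address '192.168.1.0/24'
+set nat source rule 99 translation address 'masquerade'
+set nat source rule 100 description 'NAT Reflection'
+set nat source rule 100 destination address '192.168.1.0/24'
+set nat source rule 100 outbound-interface name 'eth6'
+set nat source rule 100 protocol 'tcp_udp'
+set nat source rule 100 source address '192.168.1.0/24'
+set nat source rule 100 translation address 'masquerade'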
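Review bot: Hairpin rules 1100 through 1105 match a literal WAN address (`destination address '174.21.35.181'`), which publishes the site's public IP in the repository and goes stale whenever the PPPoE lease changes. system.sh schedules a task named update-nat-reflection, which presumably rewrites these rules; if so, every automated run of this file would reset them to the committed value. Consider supplying the address the same way the credentials are supplied, e.g. `destination address "${WAN_ADDRESS:?}"` (placeholder variable name), or leaving the hairpin rules entirely to the scheduled task.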
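--- a/wizard/config/qos.sh
+++ b/wizard/config/qos.sh
@@ -0,0 +1,7 @@
+set qos interface eth6 egress 'GIGABIT-FQCODEL'
+set qos interface pppoe1 ingress 'LIMITER'
+set qos policy fq-codel GIGABIT-FQCODEL codel-quantum '8000'
+set qos policy fq-codel GIGABIT-FQCODEL flows '1024'
+set qos policy fq-codel GIGABIT-FQCODEL queue-limit '800'
+set qos policy limiter LIMITER default bandwidth '700mbit'
+set qos policy limiter LIMITER default burst '262.5mbit'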
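--- a/wizard/config/service.sh
+++ b/wizard/config/service.sh
@@ -0,0 +1,53 @@
+set service dhcp-server shared-network-name LAN domain-name 'local'
+set service dhcp-server shared-network-name LAN domain-search 'local'
+set service dhcp-server shared-network-name LAN name-server '192.168.1.32'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router '192.168.1.1'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease '86400'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 1 start '192.168.1.100'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 1 stop '192.168.1.254'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping U6-Lite ip-address '192.168.1.3'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping U6-Lite mac-address '78:45:58:67:87:14'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping UAP-AC-LR ip-address '192.168.1.2'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping UAP-AC-LR mac-address '18:e8:29:50:f7:5b'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-desktop ip-address '192.168.1.100'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-desktop mac-address '04:92:26:DA:BA:C5'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-nas ip-address '192.168.1.10'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-nas mac-address '40:8d:5c:52:41:89'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-nas2 ip-address '192.168.1.11'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-nas2 mac-address '90:2b:34:37:ce:ea'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-server2 ip-address '192.168.1.24'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-server2 mac-address '24:4b:fe:57:bc:85'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-server3 ip-address '192.168.1.25'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-server3 mac-address '78:45:c4:05:4f:21'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-server4 ip-address '192.168.1.26'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping joey-server4 mac-address '90:2b:34:37:ce:e8'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping pihole1 ip-address '192.168.1.21'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping pihole1 mac-address 'b8:27:eb:3c:8e:bb'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping pihole2 ip-address '192.168.1.22'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping pihole2 mac-address 'b8:27:eb:ff:76:6e'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping tasmota-1 ip-address '192.168.1.50'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping tasmota-1 mac-address '3C:61:05:F6:44:1E'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping tasmota-2 ip-address '192.168.1.51'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping tasmota-2 mac-address '3c:61:05:f6:d7:d3'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping tasmota-3 ip-address '192.168.1.52'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping tasmota-3 mac-address '3c:61:05:f6:f0:62'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping wyse1 ip-address '192.168.1.31'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping wyse1 mac-address '6c:2b:59:37:89:40'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping wyse2 ip-address '192.168.1.32'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping wyse2 mac-address '6c:2b:59:37:9e:91'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping wyse3 ip-address '192.168.1.33'
+set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 static-mapping wyse3 mac-address '6c:2b:59:37:9e:00'
+set service dns forwarding allow-from '192.168.1.0/24'
+set service dns forwarding cache-size '1000000'
+set service dns forwarding listen-address '192.168.1.1'
+set service dns forwarding name-server 192.168.1.32
+set service monitoring telegraf prometheus-client
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server time-a-wwv.nist.gov
+set service ntp server time-b-wwv.nist.gov
+set service ntp server time-c-wwv.nist.gov
+set service ntp server time-d-wwv.nist.gov
+set service ntp server time-e-wwv.nist.gov
+set service ssh disable-password-authentication
+set service ssh port '22'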
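Review bot: `set service ntp allow-client address '0.0.0.0/0'` and `'::/0'` let any source query the router's NTP daemon, so the only thing keeping it from acting as an open time server is the WAN_LOCAL firewall chain. Scope it like the DNS forwarder in the same file: `set service ntp allow-client address '192.168.1.0/24'`. `set service monitoring telegraf prometheus-client` is likewise enabled with no listen address or client restriction visible here; it is worth confirming that the metrics endpoint is not reachable beyond the LAN.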
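--- a/wizard/config/system.sh
+++ b/wizard/config/system.sh
@@ -0,0 +1,32 @@
+set system config-management commit-revisions '200'
+set system conntrack expect-table-size '8192'
+set system conntrack hash-size '32768'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system conntrack table-size '262144'
+set system conntrack timeout tcp time-wait '15'
+set system console device ttyS0 speed '115200'
+set system host-name 'vyos'
+set system login banner
+set system login user vyos authentication encrypted-password $SYSTEM_LOGIN_USER_VYOS_AUTHENTICATION_ENCRYPTEDPASSWORD
+set system login user vyos authentication otp key $SYSTEM_LOGIN_USER_VYOS_AUTHENTICATION_OTP_KEY
+set system login user vyos authentication otp rate-limit '3'
+set system login user vyos authentication otp rate-time '30'
+set system login user vyos authentication otp window-size '3'
+set system login user vyos authentication public-keys deploy@gitea.jafner.tools key $SYSTEM_LOGIN_USER_VYOS_AUTHENTICATION_PUBLICKEYS_deploygiteajafnertools_KEY
+set system login user vyos authentication public-keys deploy@gitea.jafner.tools type 'ssh-ed25519'
+set system login user vyos authentication public-keys jafner425@gmail.com key $SYSTEM_LOGIN_USER_VYOS_AUTHENTICATION_PUBLICKEYS_jafner425gmailcom_KEY
+set system login user vyos authentication public-keys jafner425@gmail.com type 'ssh-ed25519'
+set system name-server '192.168.1.32'
+set system name-server 'eth5'
+set system option performance 'latency'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system task-scheduler task update-nat-reflection executable path '/home/vyos/ipupdate.sh'
+set system task-scheduler task update-nat-reflection interval '5'
+set system time-zone 'America/Los_Angeles'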
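Review bot: Seven connection-tracking helpers are enabled (`ftp`, `h323`, `nfs`, `pptp`, `sip`, `sqlnet`, `tftp`), and each one parses application payloads and opens related ports through NAT on a client's behalf. On a router whose forwarded services are Plex, BitTorrent, WireGuard, Minecraft and web, none of these appear to be needed; keep only the helpers a LAN host actually depends on and drop the other `set system conntrack modules …` lines. `set system login banner` carries no leaf value and may be rejected or ignored at commit. The scheduled task runs `/home/vyos/ipupdate.sh`, which is not part of this commit; a comment saying where that script comes from and who may write to it would help.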