firewall { | |
all-ping enable | |
broadcast-ping disable | |
config-trap disable | |
group { | |
network-group Nets4-BlackList { | |
description "Blacklisted IPv4 Sources" | |
} | |
network-group Sam-Allowed { | |
network 192.168.0.5/32 | |
network 192.168.0.253/32 | |
} | |
network-group Sams-Networks { | |
network 10.1.1.0/24 | |
} | |
network-group trusted-hosts { | |
description "Trusted hosts for SSH to Micro" | |
network 94.247.40.0/24 | |
network 35.197.168.214/32 | |
network 108.61.194.116/32 | |
network 103.8.142.187/32 | |
network 202.137.240.222/32 | |
network 103.208.142.58/32 | |
network 116.202.128.144/32 | |
network 74.48.81.187/32 | |
} | |
} | |
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
/* LAN-IN: bound as the "in" ruleset on eth1. Default is accept, so rule 500 is the only restriction on LAN-originated traffic. */
name LAN-IN { | |
default-action accept | |
/* Logs and drops packets from 192.168.0.11-192.168.0.12 (the camera1/camera2 DHCP static mappings) to anything outside 192.168.0.0/16. The match is on source IP only, so it holds only while the cameras keep those addresses. The /16 exemption is wider than the eth1 /24 and also covers the wg0 subnet 192.168.10.0/24. */
rule 500 { | |
action drop | |
description "Drop Camera sending traffic to Internet" | |
destination { | |
address !192.168.0.0/16 | |
} | |
log enable | |
source { | |
address 192.168.0.11-192.168.0.12 | |
} | |
} | |
} | |
name SAM-IN { | |
default-action reject | |
description "Sams Access to Micro" | |
enable-default-log | |
rule 10 { | |
action accept | |
destination { | |
group { | |
network-group Sam-Allowed | |
} | |
} | |
source { | |
group { | |
network-group Sams-Networks | |
} | |
} | |
} | |
} | |
name SAM-OUT { | |
default-action reject | |
description "Sams Access to Micro" | |
enable-default-log | |
rule 10 { | |
action accept | |
destination { | |
group { | |
network-group Sams-Networks | |
} | |
} | |
source { | |
group { | |
network-group Sam-Allowed | |
} | |
} | |
} | |
} | |
/* WAN-IN: bound as the "in" ruleset on pppoe0, i.e. traffic forwarded through the router from the Internet. Anything not accepted below is dropped; no rule here has logging enabled and enable-default-log is not set, so drops are silent. */
name WAN-IN { | |
default-action drop | |
/* Evaluated before the blacklist in rule 20: packets of established/related flows are accepted even when the remote address is in Nets4-BlackList, so the blacklist only stops new inbound sessions. */
rule 10 { | |
action accept | |
description "Permit Return Traffic from the WAN" | |
state { | |
established enable | |
related enable | |
} | |
} | |
/* Nets4-BlackList is declared in this file with a description but no networks; presumably it is filled at runtime by the Update-Blacklists scheduled task (verify). If the group is empty this rule matches nothing. */
rule 20 { | |
action drop | |
description "Drop traffic matching FireHol Level 1,2 and 3 Blacklists" | |
protocol all | |
source { | |
group { | |
network-group Nets4-BlackList | |
} | |
} | |
} | |
/* No source restriction: port 853 over TCP and UDP is reachable from any Internet address not caught by rule 20. Destination NAT rule 110 forwards it to 192.168.0.6, so that resolver is publicly queryable. */
rule 50 { | |
action accept | |
description "Accept Traffic towards Adguard - DNS over TLS" | |
destination { | |
port 853 | |
} | |
protocol tcp_udp | |
} | |
/* SSH is limited to the trusted-hosts group (one /24 and seven /32 entries); port 22 is deliberately absent from the open list in rule 100. */
rule 90 { | |
action accept | |
description "Permit Trusted Hosts to Micro SSH" | |
destination { | |
port ssh | |
} | |
protocol tcp | |
source { | |
group { | |
network-group trusted-hosts | |
} | |
} | |
} | |
/* TCP 10051 is likewise limited to trusted-hosts; destination NAT rule 95 forwards it to 192.168.0.253. */
rule 95 { | |
action accept | |
description "Zabbix Agent Encrypted" | |
destination { | |
port 10051 | |
} | |
protocol tcp | |
source { | |
group { | |
network-group trusted-hosts | |
} | |
} | |
} | |
/* Open to any source. The match is tcp_udp for every listed port, while the destination NAT rules for 25, 80, 443, 5001, 8123, 8920, 22067-22070 and 58050-58051 are tcp only; only 34342, 45459 and 49371 are forwarded for both protocols. NOTE(review): splitting this into a tcp rule and a tcp_udp rule would keep the filter aligned with what NAT actually forwards. */
rule 100 { | |
action accept | |
description "Permit traffic to NAT Rules" | |
destination { | |
port 25,80,443,5001,8123,8920,22067-22070,34342,45459,49371,58050-58051 | |
} | |
protocol tcp_udp | |
} | |
} | |
/* WAN-LOCAL: bound as the "local" ruleset on pppoe0, i.e. Internet traffic addressed to the router itself. Default is drop with no default logging. The blacklist group used in WAN-IN is not referenced here. */
name WAN-LOCAL { | |
default-action drop | |
rule 10 { | |
action accept | |
description "Accept return traffic from already established sessions" | |
state { | |
established enable | |
related enable | |
} | |
} | |
/* Only new echo-requests from trusted-hosts are answered; other inbound ICMP falls through to the default drop unless it is related to an existing flow (rule 10). */
rule 15 { | |
action accept | |
description "Accept ICMP from Trusted Hosts" | |
icmp { | |
type-name echo-request | |
} | |
protocol icmp | |
source { | |
group { | |
network-group trusted-hosts | |
} | |
} | |
state { | |
new enable | |
} | |
} | |
/* UDP 7777 (wg0) and 7778 (wg1) are accepted from any source with logging explicitly disabled. NOTE(review): wg1 has a single peer configured with a fixed address (114.23.93.1), so 7778 could be limited to that source in its own rule; wg0 peers have no fixed address configured and need the open match. */
rule 20 { | |
action accept | |
description "Incoming Wireguard Sessions" | |
destination { | |
port 7777-7778 | |
} | |
log disable | |
protocol udp | |
} | |
} | |
options { | |
interface wg0 { | |
adjust-mss 1380 | |
} | |
interface wg1 { | |
adjust-mss 1380 | |
} | |
} | |
/* Global IPv4 hardening flags for the firewall section. ICMP redirects are not accepted but the router may still send them. */
receive-redirects disable | |
send-redirects enable | |
/* Reverse-path source validation is off globally; eth1 overrides it with "source-validation strict", and no per-interface setting is visible for pppoe0, so spoofed sources arriving on the WAN side are not filtered by this mechanism. */
source-validation disable | |
/* SYN cookies are off, so TCP listeners on the router itself have no SYN-flood fallback. NOTE(review): consider enabling unless there is a known reason it was turned off. */
syn-cookies disable | |
twa-hazards-protection enable | |
} | |
interfaces { | |
ethernet eth0 { | |
description "WAN Interface - Unison Fibre - NowNZ" | |
duplex auto | |
mac 4c:55:56:44:41:4e | |
mtu 9000 | |
offload { | |
gro | |
gso | |
sg | |
tso | |
} | |
speed auto | |
} | |
ethernet eth1 { | |
address 192.168.0.1/24 | |
description "MuppetLAN Network" | |
duplex auto | |
firewall { | |
in { | |
name LAN-IN | |
} | |
} | |
ip { | |
source-validation strict | |
} | |
mac 54:1e:56:36:29:1e | |
mtu 9000 | |
offload { | |
gro | |
gso | |
sg | |
tso | |
} | |
speed auto | |
traffic-policy { | |
out pppoe-in | |
} | |
} | |
loopback lo { | |
description "Loopback Interface" | |
} | |
pppoe pppoe0 { | |
authentication { | |
password **************** | |
user CENSORED | |
} | |
default-route force | |
description "Internet" | |
firewall { | |
in { | |
name WAN-IN | |
} | |
local { | |
name WAN-LOCAL | |
} | |
} | |
mru 1500 | |
mtu 1500 | |
source-interface eth0 | |
traffic-policy { | |
out pppoe-out | |
} | |
} | |
wireguard wg0 { | |
address 192.168.10.1/24 | |
description "Ferrari Wireguard" | |
peer bobo.muppetz.com { | |
allowed-ips 192.168.10.5/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer jelly2 { | |
allowed-ips 192.168.10.16/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer mail.muppetz.com { | |
allowed-ips 192.168.10.2/32 | |
persistent-keepalive 20 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer nownz-laptop { | |
allowed-ips 192.168.10.22/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer openwrt-wr902ac { | |
allowed-ips 192.168.10.13/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer pa { | |
allowed-ips 192.168.10.24/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer pixel { | |
allowed-ips 192.168.10.11/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer pixel4xl { | |
allowed-ips 192.168.10.10/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer pixel7pro { | |
allowed-ips 192.168.10.17/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer sarahs-iphone { | |
allowed-ips 192.168.10.25/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer sweetums { | |
allowed-ips 192.168.10.15/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer thinky { | |
allowed-ips 192.168.10.20/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer tims-ipad { | |
allowed-ips 192.168.10.23/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
peer tims-macbook { | |
allowed-ips 192.168.10.26/32 | |
persistent-keepalive 25 | |
preshared-key **************** | |
pubkey **************** | |
} | |
port 7777 | |
} | |
wireguard wg1 { | |
address 10.89.90.2/30 | |
description "Wireguard Connection to Sam for Media Sharing" | |
firewall { | |
in { | |
name SAM-IN | |
} | |
out { | |
name SAM-OUT | |
} | |
} | |
peer sam { | |
address 114.23.93.1 | |
allowed-ips 10.1.1.0/24 | |
allowed-ips 10.89.90.1/32 | |
persistent-keepalive 20 | |
port 1200 | |
preshared-key **************** | |
pubkey **************** | |
} | |
port 7778 | |
} | |
} | |
nat { | |
destination { | |
rule 50 { | |
description "rTorrent on Micro" | |
destination { | |
port 49371 | |
} | |
inbound-interface pppoe0 | |
protocol tcp_udp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 51 { | |
description "BubbleUPNP Remote Access" | |
destination { | |
port 58050-58051 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 52 { | |
description "Syncthing Relay" | |
destination { | |
port 22067-22070 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 53 { | |
description "qBittorrent on XPS" | |
destination { | |
port 34342 | |
} | |
inbound-interface pppoe0 | |
protocol tcp_udp | |
translation { | |
address 192.168.0.121 | |
} | |
} | |
rule 54 { | |
description "qBittorrent on Thinky" | |
destination { | |
port 45459 | |
} | |
inbound-interface pppoe0 | |
protocol tcp_udp | |
translation { | |
address 192.168.0.120 | |
} | |
} | |
rule 55 { | |
description "SSH to Micro" | |
destination { | |
port 22 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 56 { | |
description "Jellyfin on Micro" | |
destination { | |
port 8920 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 60 { | |
description "Apache on Micro" | |
destination { | |
port 80,443 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 70 { | |
description "Icecast on Micro" | |
destination { | |
port 5001 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 80 { | |
description "SMTP on Micro" | |
destination { | |
port 25 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 90 { | |
description "Home Assistant" | |
destination { | |
port 8123 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.7 | |
} | |
} | |
rule 95 { | |
description "Zabbix Agent Encrypted" | |
destination { | |
port 10051 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.0.253 | |
} | |
} | |
rule 110 { | |
description "Adguard - DNS over TLS" | |
destination { | |
port 853 | |
} | |
inbound-interface pppoe0 | |
protocol tcp_udp | |
translation { | |
address 192.168.0.6 | |
} | |
} | |
rule 200 { | |
description "Hairpin NAT for Home Assistant" | |
destination { | |
address 202.137.243.17 | |
port 8123 | |
} | |
inbound-interface eth1 | |
protocol tcp | |
translation { | |
address 192.168.0.7 | |
} | |
} | |
rule 210 { | |
description "Hairpin NAT for Micro Services" | |
destination { | |
address 202.137.243.17 | |
port 22,80,443,5001,8920 | |
} | |
inbound-interface eth1 | |
protocol tcp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 220 { | |
description "Hairpin NAT for Wifi Management" | |
destination { | |
address 202.137.243.17 | |
port 8443 | |
} | |
inbound-interface eth1 | |
protocol tcp | |
translation { | |
address 192.168.0.3 | |
} | |
} | |
rule 230 { | |
description "Hairpin NAT for Mosh Shell on Micro" | |
destination { | |
address 202.137.243.17 | |
port 60000-60010 | |
} | |
inbound-interface eth1 | |
protocol udp | |
translation { | |
address 192.168.0.5 | |
} | |
} | |
rule 500 { | |
description "Rewrite DNS Requests" | |
destination { | |
address !192.168.0.0/24 | |
port 53 | |
} | |
inbound-interface eth1 | |
protocol tcp_udp | |
source { | |
address !192.168.0.1-192.168.0.6 | |
} | |
translation { | |
address 192.168.0.1 | |
} | |
} | |
} | |
source { | |
rule 200 { | |
description "Hairpin NAT for Home Assistant" | |
destination { | |
address 192.168.0.7 | |
port 8123 | |
} | |
outbound-interface eth1 | |
protocol tcp | |
source { | |
address 192.168.0.0/24 | |
} | |
translation { | |
address masquerade | |
} | |
} | |
rule 210 { | |
description "Hairpin NAT for Micro Services" | |
destination { | |
address 192.168.0.5 | |
port 22,80,443,5001,8920 | |
} | |
outbound-interface eth1 | |
protocol tcp | |
source { | |
address 192.168.0.0/24 | |
} | |
translation { | |
address masquerade | |
} | |
} | |
rule 220 { | |
description "Hairpin NAT for Wifi Management" | |
destination { | |
address 192.168.0.3 | |
port 8443 | |
} | |
outbound-interface eth1 | |
protocol tcp | |
source { | |
address 192.168.0.0/24 | |
} | |
translation { | |
address masquerade | |
} | |
} | |
rule 230 { | |
description "Hairpin NAT for Mosh Shell on Micro" | |
destination { | |
address 192.168.0.5 | |
port 60000-60010 | |
} | |
outbound-interface eth1 | |
protocol udp | |
source { | |
address 192.168.0.0/24 | |
} | |
translation { | |
address masquerade | |
} | |
} | |
rule 1000 { | |
description "Default NAT Rule for Internet Access" | |
outbound-interface pppoe0 | |
translation { | |
address masquerade | |
} | |
} | |
} | |
} | |
policy { | |
prefix-list sams-routes { | |
rule 1 { | |
action permit | |
prefix 10.1.1.0/24 | |
} | |
} | |
prefix-list tims-routes { | |
rule 1 { | |
action permit | |
prefix 192.168.0.0/24 | |
} | |
} | |
route-map rm-static-to-bgp { | |
rule 10 { | |
action permit | |
description "Local MuppetLAN Subnet" | |
match { | |
ip { | |
address { | |
prefix-list tims-routes | |
} | |
} | |
} | |
} | |
rule 100 { | |
action deny | |
description "Default Deny" | |
} | |
} | |
} | |
protocols { | |
bgp 64590 { | |
address-family { | |
ipv4-unicast { | |
redistribute { | |
connected { | |
route-map rm-static-to-bgp | |
} | |
} | |
} | |
} | |
neighbor 10.89.90.1 { | |
address-family { | |
ipv4-unicast { | |
nexthop-self { | |
} | |
prefix-list { | |
export tims-routes | |
import sams-routes | |
} | |
soft-reconfiguration { | |
inbound | |
} | |
} | |
} | |
description "Sams Router" | |
password **************** | |
remote-as 64589 | |
} | |
parameters { | |
log-neighbor-changes | |
router-id 10.89.90.2 | |
} | |
} | |
static { | |
route 10.0.0.0/8 { | |
next-hop 192.168.0.15 { | |
} | |
} | |
route 100.64.0.0/10 { | |
next-hop 192.168.0.15 { | |
} | |
} | |
route 103.8.143.135/32 { | |
next-hop 192.168.0.15 { | |
} | |
} | |
route 202.74.33.6/32 { | |
next-hop 192.168.0.15 { | |
} | |
} | |
route 202.137.240.52/32 { | |
next-hop 192.168.0.15 { | |
} | |
} | |
route 203.92.25.107/32 { | |
next-hop 192.168.0.15 { | |
} | |
} | |
} | |
} | |
service { | |
dhcp-server { | |
shared-network-name MuppetLAN { | |
authoritative | |
description "MuppetLAN DHCP Server" | |
subnet 192.168.0.0/24 { | |
default-router 192.168.0.1 | |
domain-name muppetz.com | |
domain-search muppetz.com | |
lease 86400 | |
name-server 192.168.0.6 | |
ntp-server 192.168.0.1 | |
range MuppetLANDynamic { | |
start 192.168.0.150 | |
stop 192.168.0.240 | |
} | |
static-mapping Beths-iPad { | |
ip-address 192.168.0.113 | |
mac-address f0:76:6f:41:6e:1c | |
} | |
static-mapping appletv { | |
ip-address 192.168.0.101 | |
mac-address 50:32:37:ba:62:79 | |
} | |
static-mapping beths-chromebook { | |
ip-address 192.168.0.125 | |
mac-address 90:0f:0c:f1:a5:4b | |
} | |
static-mapping beths-ipad { | |
ip-address 192.168.0.127 | |
mac-address f0:2f:4b:1a:4f:21 | |
} | |
static-mapping camera1 { | |
ip-address 192.168.0.11 | |
mac-address 78:11:dc:70:b9:4d | |
static-mapping-parameters "option domain-name-servers 192.168.0.1;" | |
} | |
static-mapping camera2 { | |
ip-address 192.168.0.12 | |
mac-address 78:11:dc:70:b7:4f | |
static-mapping-parameters "option domain-name-servers 192.168.0.1;" | |
} | |
static-mapping canon-printer { | |
ip-address 192.168.0.60 | |
mac-address 34:9f:7b:c9:36:12 | |
} | |
static-mapping carport-ap { | |
ip-address 192.168.0.24 | |
mac-address b4:fb:e4:70:ce:58 | |
} | |
static-mapping chatterbox { | |
ip-address 192.168.0.10 | |
mac-address b0:fa:eb:31:ef:3e | |
} | |
static-mapping daisys-chromebook { | |
ip-address 192.168.0.130 | |
mac-address 34:7d:f6:0c:e3:e2 | |
} | |
static-mapping daisysipad { | |
ip-address 192.168.0.129 | |
mac-address 52:77:34:96:33:96 | |
} | |
static-mapping hb { | |
ip-address 192.168.0.14 | |
mac-address 2c:3a:e8:39:0b:33 | |
} | |
static-mapping imac { | |
ip-address 192.168.0.116 | |
mac-address 38:f9:d3:de:45:5a | |
} | |
static-mapping ir-blaster-bedroom { | |
ip-address 192.168.0.27 | |
mac-address 78:0f:77:d8:f3:b4 | |
} | |
static-mapping kitchen-ap { | |
ip-address 192.168.0.21 | |
mac-address fc:ec:da:f0:44:20 | |
} | |
static-mapping kitchen-cca { | |
ip-address 192.168.0.115 | |
mac-address 54:60:09:e0:e3:40 | |
} | |
static-mapping lounge-ap { | |
ip-address 192.168.0.22 | |
mac-address 74:83:c2:c6:59:c6 | |
} | |
static-mapping micro { | |
ip-address 192.168.0.5 | |
mac-address 12:d7:8e:70:a7:b1 | |
} | |
static-mapping mikrotik { | |
ip-address 192.168.0.4 | |
mac-address 00:0c:42:a5:68:60 | |
} | |
static-mapping nownz-laptop { | |
ip-address 192.168.0.123 | |
mac-address 90:cc:df:1b:d6:68 | |
} | |
static-mapping office-aircon { | |
ip-address 192.168.0.16 | |
mac-address a0:c9:a0:08:93:3e | |
} | |
static-mapping oldipad { | |
ip-address 192.168.0.112 | |
mac-address 9c:04:eb:90:99:5c | |
} | |
static-mapping peters-old-ipad { | |
ip-address 192.168.0.124 | |
mac-address 5c:97:f3:a8:bb:18 | |
} | |
static-mapping pixel { | |
ip-address 192.168.0.105 | |
mac-address ac:37:43:a6:4c:95 | |
} | |
static-mapping pixel-7-pro { | |
ip-address 192.168.0.128 | |
mac-address d4:3a:2c:96:3a:cb | |
} | |
static-mapping pool-aircon { | |
ip-address 192.168.0.26 | |
mac-address 34:ea:e7:f5:9e:b2 | |
} | |
static-mapping poolshed-ap { | |
ip-address 192.168.0.25 | |
mac-address 78:8a:20:70:d9:36 | |
} | |
static-mapping ring-carport { | |
ip-address 192.168.0.28 | |
mac-address 9c:76:13:19:57:f1 | |
} | |
static-mapping ring-floodlight { | |
ip-address 192.168.0.13 | |
mac-address d4:36:39:a9:ea:46 | |
} | |
static-mapping sarah-hbrc-laptop { | |
ip-address 192.168.0.133 | |
mac-address 68:54:5a:ba:dc:4f | |
static-mapping-parameters "option domain-name-servers 192.168.0.1;" | |
} | |
static-mapping shed-ap { | |
ip-address 192.168.0.23 | |
mac-address 78:8a:20:48:bb:69 | |
} | |
static-mapping spitfire { | |
ip-address 192.168.0.2 | |
mac-address f0:9f:c2:c4:28:c6 | |
} | |
static-mapping thinky { | |
ip-address 192.168.0.120 | |
mac-address 9c:2a:70:88:0f:2d | |
} | |
static-mapping tiltpi { | |
ip-address 192.168.0.18 | |
mac-address b8:27:eb:9b:73:b9 | |
} | |
static-mapping tims-macbook { | |
ip-address 192.168.0.131 | |
mac-address 6c:7e:67:cd:31:6f | |
} | |
static-mapping tims-mac-mini { | |
ip-address 192.168.0.132 | |
mac-address 20:a5:cb:d4:22:b0 | |
} | |
static-mapping tv { | |
ip-address 192.168.0.99 | |
mac-address 38:2c:4a:0e:e9:bb | |
} | |
static-mapping upstairs-ap { | |
ip-address 192.168.0.20 | |
mac-address 78:8a:20:48:bb:8d | |
} | |
} | |
} | |
} | |
/* Forwarding resolver for the LAN. It listens only on 192.168.0.1, while allow-from covers all of 192.168.0.0/16 (wider than the eth1 /24; it also includes the wg0 subnet 192.168.10.0/24). */
dns { | |
forwarding { | |
allow-from 192.168.0.0/16 | |
cache-size 32768 | |
/* DNSSEC validation is off: answers from the two upstream name-servers are cached and returned without signature checking by this resolver. */
dnssec off | |
listen-address 192.168.0.1 | |
name-server 202.137.240.39 | |
name-server 202.137.240.40 | |
} | |
} | |
/* Read-only community-based SNMP, queryable from loopback and 192.168.0.0/16. */
snmp { | |
/* The community name acts as the password for these queries and appears here in clear text, unlike the other secrets in this listing, which are masked. NOTE(review): treat it as a credential - mask it when sharing the config and rotate it if this copy has been published. */
community VeryLargeDancingSpaceChickens { | |
authorization ro | |
client 127.0.0.1 | |
network 192.168.0.0/16 | |
} | |
contact "Tim Harman - [email protected]" | |
location "10 Jervois Road, Jervoistown" | |
} | |
/* Router SSH daemon. It listens only on 192.168.0.1 (eth1) and 192.168.10.1 (wg0), not on the WAN address, and only user "tim" may log in. NOTE(review): no disable-password-authentication line is present, and user tim has both an encrypted-password and public keys, so password login presumably remains possible - confirm and disable it if key-only access is intended. */
ssh { | |
access-control { | |
allow { | |
user tim | |
} | |
} | |
client-keepalive-interval 60 | |
listen-address 192.168.0.1 | |
listen-address 192.168.10.1 | |
} | |
} | |
system { | |
config-management { | |
commit-revisions 100 | |
} | |
conntrack { | |
hash-size 65536 | |
modules { | |
ftp | |
pptp | |
} | |
table-size 524288 | |
} | |
console { | |
device ttyS0 { | |
speed 115200 | |
} | |
} | |
domain-name muppetz.com | |
host-name ferrari | |
ip { | |
arp { | |
table-size 1024 | |
} | |
} | |
login { | |
banner { | |
post-login "Ferrari - Vyos" | |
} | |
user tim { | |
authentication { | |
encrypted-password **************** | |
public-keys JuiceSSH { | |
key **************** | |
type ecdsa-sha2-nistp384 | |
} | |
public-keys micro { | |
key **************** | |
type ssh-rsa | |
} | |
public-keys tim { | |
key **************** | |
type ssh-ed25519 | |
} | |
} | |
full-name "Tim Harman" | |
} | |
} | |
name-server 192.168.0.1 | |
ntp { | |
allow-clients { | |
address 192.168.0.0/16 | |
} | |
listen-address 192.168.0.1 | |
server p1.ntp.net.nz { | |
} | |
server p2.ntp.net.nz { | |
} | |
server p3.ntp.net.nz { | |
} | |
server p4.ntp.net.nz { | |
} | |
} | |
option { | |
ctrl-alt-delete ignore | |
http-client { | |
source-interface pppoe0 | |
} | |
reboot-on-panic | |
startup-beep | |
} | |
static-host-mapping { | |
host-name adguard.muppetz.com { | |
inet 192.168.0.6 | |
} | |
host-name appletv.muppetz.com { | |
inet 192.168.0.101 | |
} | |
host-name bobo.muppetz.com { | |
inet 192.168.10.5 | |
} | |
host-name camera1.muppetz.com { | |
inet 192.168.0.11 | |
} | |
host-name camera2.muppetz.com { | |
inet 192.168.0.12 | |
} | |
host-name canon-printer.muppetz.com { | |
alias canon-printer | |
inet 192.168.0.60 | |
} | |
host-name carport-ap.muppetz.com { | |
inet 192.168.0.24 | |
} | |
host-name chatterbox.muppetz.com { | |
inet 192.168.0.10 | |
} | |
host-name chromecast.muppetz.com { | |
inet 192.168.0.102 | |
} | |
host-name contacts.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name droid.muppetz.com { | |
inet 192.168.0.114 | |
} | |
host-name fenix6pro.muppetz.com { | |
inet 192.168.0.118 | |
} | |
host-name gallery.tjharman.com { | |
inet 192.168.0.5 | |
} | |
host-name ha.muppetz.com { | |
inet 192.168.0.7 | |
} | |
host-name hb.muppetz.com { | |
inet 192.168.0.14 | |
} | |
host-name kitchen-ap.muppetz.com { | |
inet 192.168.0.21 | |
} | |
host-name kitchen-cca { | |
inet 192.168.0.115 | |
} | |
host-name kitchentv.muppetz.com { | |
inet 192.168.0.103 | |
} | |
host-name lice.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name lounge-ap.muppetz.com { | |
inet 192.168.0.22 | |
} | |
host-name mail.muppetz.com { | |
inet 192.168.10.2 | |
} | |
host-name max.muppetz.com { | |
inet 192.168.0.247 | |
} | |
host-name micro.muppetz.com { | |
alias micro | |
inet 192.168.0.5 | |
} | |
host-name mikrotik.muppetz.com { | |
inet 192.168.0.4 | |
} | |
host-name mqtt.muppetz.com { | |
inet 192.168.0.7 | |
} | |
host-name now-laptop.muppetz.com { | |
alias now-laptop | |
inet 192.168.10.22 | |
} | |
host-name office-aircon.muppetz.com { | |
inet 192.168.0.16 | |
} | |
host-name oldipad.muppetz.com { | |
inet 192.168.0.112 | |
} | |
host-name orbit.muppetz.com { | |
inet 192.168.0.248 | |
} | |
host-name poolshed-ap.muppetz.com { | |
inet 192.168.0.25 | |
} | |
host-name radio.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name reader.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name ring-carport.muppetz.com { | |
inet 192.168.0.28 | |
} | |
host-name ring-floodlight.muppetz.com { | |
inet 192.168.0.13 | |
} | |
host-name ring.muppetz.com { | |
inet 192.168.0.9 | |
} | |
host-name router.muppetz.com { | |
inet 192.168.0.1 | |
} | |
host-name rspamd.muppetz.com { | |
inet 192.168.10.2 | |
} | |
host-name search.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name shed-ap.muppetz.com { | |
inet 192.168.0.23 | |
} | |
host-name spitfire.muppetz.com { | |
inet 192.168.0.2 | |
} | |
host-name sync.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name tasks.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name thinky.muppetz.com { | |
inet 192.168.0.120 | |
} | |
host-name tilt.pi { | |
inet 192.168.0.18 | |
} | |
host-name time.muppetz.com { | |
inet 192.168.0.1 | |
} | |
host-name tjharman.com { | |
inet 192.168.0.5 | |
} | |
host-name tv.muppetz.com { | |
inet 192.168.0.99 | |
} | |
host-name upstairs-ap.muppetz.com { | |
inet 192.168.0.20 | |
} | |
host-name vpn.muppetz.com { | |
inet 192.168.0.1 | |
} | |
host-name wb.muppetz.com { | |
inet 192.168.0.5 | |
} | |
host-name wifi.muppetz.com { | |
inet 192.168.0.3 | |
} | |
host-name zabbix.muppetz.com { | |
inet 192.168.0.253 | |
} | |
} | |
sysctl { | |
custom net.core.default_qdisc { | |
value fq | |
} | |
custom net.ipv4.tcp_congestion_control { | |
value bbr | |
} | |
} | |
/* Local logging at info level, plus a debug-level copy of every facility sent to 192.168.0.5. */
syslog { | |
global { | |
facility all { | |
level info | |
} | |
} | |
/* The remote copy travels over UDP, so it is unencrypted, unauthenticated and can be lost without notice. 192.168.0.5 is also the destination NAT target for most of the Internet-facing ports in this config, so the router's log archive sits on the most exposed host; keep the local copy as the reference when investigating that host. */
host 192.168.0.5 { | |
facility all { | |
level debug | |
protocol udp | |
} | |
} | |
} | |
task-scheduler { | |
task Update-Blacklists { | |
executable { | |
path /config/scripts/updBlackList.sh | |
} | |
interval 3h | |
} | |
task configbackup { | |
executable { | |
path /config/scripts/restic-backup | |
} | |
interval 1d | |
} | |
task fstrim { | |
executable { | |
arguments "/sbin/fstrim -a" | |
path /bin/sudo | |
} | |
interval 7d | |
} | |
} | |
time-zone Pacific/Auckland | |
} | |
traffic-policy { | |
shaper pppoe-in { | |
bandwidth 710mbit | |
class 5 { | |
bandwidth 4% | |
burst 2mb | |
description "TCP SYN/ACK" | |
match tiny4 { | |
ip { | |
tcp { | |
ack | |
syn | |
} | |
} | |
} | |
priority 0 | |
queue-limit 100 | |
queue-type fq-codel | |
} | |
class 10 { | |
bandwidth 1% | |
burst 1mb | |
description "DNS Traffic" | |
match dns { | |
ip { | |
protocol udp | |
source { | |
port 53 | |
} | |
} | |
} | |
priority 1 | |
queue-limit 100 | |
queue-type fq-codel | |
} | |
default { | |
bandwidth 95% | |
burst 15k | |
ceiling 100% | |
codel-quantum 8000 | |
priority 7 | |
queue-type fq-codel | |
} | |
} | |
shaper pppoe-out { | |
bandwidth 450mbit | |
class 5 { | |
bandwidth 4% | |
burst 2mb | |
description "TCP SYN/ACK" | |
match tiny4 { | |
ip { | |
tcp { | |
ack | |
syn | |
} | |
} | |
} | |
priority 0 | |
queue-limit 50 | |
queue-type fq-codel | |
} | |
class 10 { | |
bandwidth 1% | |
burst 1mb | |
description "DNS Traffic" | |
match dns { | |
ip { | |
destination { | |
port 53 | |
} | |
protocol udp | |
} | |
} | |
priority 1 | |
queue-limit 50 | |
queue-type fq-codel | |
} | |
default { | |
bandwidth 95% | |
burst 15k | |
ceiling 100% | |
codel-quantum 8000 | |
priority 7 | |
queue-type fq-codel | |
} | |
description "450Mbps Out via PPPoE" | |
} | |
} |