| firewall { | |
| all-ping enable | |
| broadcast-ping disable | |
| config-trap disable | |
| group { | |
| network-group Nets4-BlackList { | |
| description "Blacklisted IPv4 Sources" | |
| } | |
| network-group Sam-Allowed { | |
| network 192.168.0.5/32 | |
| network 192.168.0.253/32 | |
| } | |
| network-group Sams-Networks { | |
| network 10.1.1.0/24 | |
| } | |
| network-group trusted-hosts { | |
| description "Trusted hosts for SSH to Micro" | |
| network 94.247.40.0/24 | |
| network 35.197.168.214/32 | |
| network 108.61.194.116/32 | |
| network 103.8.142.187/32 | |
| network 202.137.240.222/32 | |
| network 103.208.142.58/32 | |
| network 116.202.128.144/32 | |
| network 74.48.81.187/32 | |
| } | |
| } | |
| ipv6-receive-redirects disable | |
| ipv6-src-route disable | |
| ip-src-route disable | |
| log-martians enable | |
| name LAN-IN { | |
| default-action accept | |
| rule 500 { | |
| action drop | |
| description "Drop Camera sending traffic to Internet" | |
| destination { | |
| address !192.168.0.0/16 | |
| } | |
| log enable | |
| source { | |
| address 192.168.0.11-192.168.0.12 | |
| } | |
| } | |
| } | |
| name SAM-IN { | |
| default-action reject | |
| description "Sams Access to Micro" | |
| enable-default-log | |
| rule 10 { | |
| action accept | |
| destination { | |
| group { | |
| network-group Sam-Allowed | |
| } | |
| } | |
| source { | |
| group { | |
| network-group Sams-Networks | |
| } | |
| } | |
| } | |
| } | |
| name SAM-OUT { | |
| default-action reject | |
| description "Sams Access to Micro" | |
| enable-default-log | |
| rule 10 { | |
| action accept | |
| destination { | |
| group { | |
| network-group Sams-Networks | |
| } | |
| } | |
| source { | |
| group { | |
| network-group Sam-Allowed | |
| } | |
| } | |
| } | |
| } | |
| name WAN-IN { | |
| default-action drop | |
| rule 10 { | |
| action accept | |
| description "Permit Return Traffic from the WAN" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop traffic matching FireHol Level 1,2 and 3 Blacklists" | |
| protocol all | |
| source { | |
| group { | |
| network-group Nets4-BlackList | |
| } | |
| } | |
| } | |
| rule 50 { | |
| action accept | |
| description "Accept Traffic towards Adguard - DNS over TLS" | |
| destination { | |
| port 853 | |
| } | |
| protocol tcp_udp | |
| } | |
| rule 90 { | |
| action accept | |
| description "Permit Trusted Hosts to Micro SSH" | |
| destination { | |
| port ssh | |
| } | |
| protocol tcp | |
| source { | |
| group { | |
| network-group trusted-hosts | |
| } | |
| } | |
| } | |
| rule 95 { | |
| action accept | |
| description "Zabbix Agent Encrypted" | |
| destination { | |
| port 10051 | |
| } | |
| protocol tcp | |
| source { | |
| group { | |
| network-group trusted-hosts | |
| } | |
| } | |
| } | |
| rule 100 { | |
| action accept | |
| description "Permit traffic to NAT Rules" | |
| destination { | |
| port 25,80,443,5001,8123,8920,22067-22070,34342,45459,49371,58050-58051 | |
| } | |
| protocol tcp_udp | |
| } | |
| } | |
| name WAN-LOCAL { | |
| default-action drop | |
| rule 10 { | |
| action accept | |
| description "Accept return traffic from already established sessions" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 15 { | |
| action accept | |
| description "Accept ICMP from Trusted Hosts" | |
| icmp { | |
| type-name echo-request | |
| } | |
| protocol icmp | |
| source { | |
| group { | |
| network-group trusted-hosts | |
| } | |
| } | |
| state { | |
| new enable | |
| } | |
| } | |
| rule 20 { | |
| action accept | |
| description "Incoming Wireguard Sessions" | |
| destination { | |
| port 7777-7778 | |
| } | |
| log disable | |
| protocol udp | |
| } | |
| } | |
| options { | |
| interface wg0 { | |
| adjust-mss 1380 | |
| } | |
| interface wg1 { | |
| adjust-mss 1380 | |
| } | |
| } | |
| receive-redirects disable | |
| send-redirects enable | |
| source-validation disable | |
| syn-cookies disable | |
| twa-hazards-protection enable | |
| } | |
| interfaces { | |
| ethernet eth0 { | |
| description "WAN Interface - Unison Fibre - NowNZ" | |
| duplex auto | |
| mac 4c:55:56:44:41:4e | |
| mtu 9000 | |
| offload { | |
| gro | |
| gso | |
| sg | |
| tso | |
| } | |
| speed auto | |
| } | |
| ethernet eth1 { | |
| address 192.168.0.1/24 | |
| description "MuppetLAN Network" | |
| duplex auto | |
| firewall { | |
| in { | |
| name LAN-IN | |
| } | |
| } | |
| ip { | |
| source-validation strict | |
| } | |
| mac 54:1e:56:36:29:1e | |
| mtu 9000 | |
| offload { | |
| gro | |
| gso | |
| sg | |
| tso | |
| } | |
| speed auto | |
| traffic-policy { | |
| out pppoe-in | |
| } | |
| } | |
| loopback lo { | |
| description "Loopback Interface" | |
| } | |
| pppoe pppoe0 { | |
| authentication { | |
| password **************** | |
| user CENSORED | |
| } | |
| default-route force | |
| description "Internet" | |
| firewall { | |
| in { | |
| name WAN-IN | |
| } | |
| local { | |
| name WAN-LOCAL | |
| } | |
| } | |
| mru 1500 | |
| mtu 1500 | |
| source-interface eth0 | |
| traffic-policy { | |
| out pppoe-out | |
| } | |
| } | |
| wireguard wg0 { | |
| address 192.168.10.1/24 | |
| description "Ferrari Wireguard" | |
| peer bobo.muppetz.com { | |
| allowed-ips 192.168.10.5/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer jelly2 { | |
| allowed-ips 192.168.10.16/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer mail.muppetz.com { | |
| allowed-ips 192.168.10.2/32 | |
| persistent-keepalive 20 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer nownz-laptop { | |
| allowed-ips 192.168.10.22/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer openwrt-wr902ac { | |
| allowed-ips 192.168.10.13/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer pa { | |
| allowed-ips 192.168.10.24/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer pixel { | |
| allowed-ips 192.168.10.11/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer pixel4xl { | |
| allowed-ips 192.168.10.10/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer pixel7pro { | |
| allowed-ips 192.168.10.17/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer sarahs-iphone { | |
| allowed-ips 192.168.10.25/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer sweetums { | |
| allowed-ips 192.168.10.15/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer thinky { | |
| allowed-ips 192.168.10.20/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer tims-ipad { | |
| allowed-ips 192.168.10.23/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| peer tims-macbook { | |
| allowed-ips 192.168.10.26/32 | |
| persistent-keepalive 25 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| port 7777 | |
| } | |
| wireguard wg1 { | |
| address 10.89.90.2/30 | |
| description "Wireguard Connection to Sam for Media Sharing" | |
| firewall { | |
| in { | |
| name SAM-IN | |
| } | |
| out { | |
| name SAM-OUT | |
| } | |
| } | |
| peer sam { | |
| address 114.23.93.1 | |
| allowed-ips 10.1.1.0/24 | |
| allowed-ips 10.89.90.1/32 | |
| persistent-keepalive 20 | |
| port 1200 | |
| preshared-key **************** | |
| pubkey **************** | |
| } | |
| port 7778 | |
| } | |
| } | |
| nat { | |
| destination { | |
| rule 50 { | |
| description "rTorrent on Micro" | |
| destination { | |
| port 49371 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp_udp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 51 { | |
| description "BubbleUPNP Remote Access" | |
| destination { | |
| port 58050-58051 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 52 { | |
| description "Syncthing Relay" | |
| destination { | |
| port 22067-22070 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 53 { | |
| description "qBittorrent on XPS" | |
| destination { | |
| port 34342 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp_udp | |
| translation { | |
| address 192.168.0.121 | |
| } | |
| } | |
| rule 54 { | |
| description "qBittorrent on Thinky" | |
| destination { | |
| port 45459 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp_udp | |
| translation { | |
| address 192.168.0.120 | |
| } | |
| } | |
| rule 55 { | |
| description "SSH to Micro" | |
| destination { | |
| port 22 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 56 { | |
| description "Jellyfin on Micro" | |
| destination { | |
| port 8920 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 60 { | |
| description "Apache on Micro" | |
| destination { | |
| port 80,443 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 70 { | |
| description "Icecast on Micro" | |
| destination { | |
| port 5001 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 80 { | |
| description "SMTP on Micro" | |
| destination { | |
| port 25 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 90 { | |
| description "Home Assistant" | |
| destination { | |
| port 8123 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.7 | |
| } | |
| } | |
| rule 95 { | |
| description "Zabbix Agent Encrypted" | |
| destination { | |
| port 10051 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.253 | |
| } | |
| } | |
| rule 110 { | |
| description "Adguard - DNS over TLS" | |
| destination { | |
| port 853 | |
| } | |
| inbound-interface pppoe0 | |
| protocol tcp_udp | |
| translation { | |
| address 192.168.0.6 | |
| } | |
| } | |
| rule 200 { | |
| description "Hairpin NAT for Home Assistant" | |
| destination { | |
| address 202.137.243.17 | |
| port 8123 | |
| } | |
| inbound-interface eth1 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.7 | |
| } | |
| } | |
| rule 210 { | |
| description "Hairpin NAT for Micro Services" | |
| destination { | |
| address 202.137.243.17 | |
| port 22,80,443,5001,8920 | |
| } | |
| inbound-interface eth1 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 220 { | |
| description "Hairpin NAT for Wifi Management" | |
| destination { | |
| address 202.137.243.17 | |
| port 8443 | |
| } | |
| inbound-interface eth1 | |
| protocol tcp | |
| translation { | |
| address 192.168.0.3 | |
| } | |
| } | |
| rule 230 { | |
| description "Hairpin NAT for Mosh Shell on Micro" | |
| destination { | |
| address 202.137.243.17 | |
| port 60000-60010 | |
| } | |
| inbound-interface eth1 | |
| protocol udp | |
| translation { | |
| address 192.168.0.5 | |
| } | |
| } | |
| rule 500 { | |
| description "Rewrite DNS Requests" | |
| destination { | |
| address !192.168.0.0/24 | |
| port 53 | |
| } | |
| inbound-interface eth1 | |
| protocol tcp_udp | |
| source { | |
| address !192.168.0.1-192.168.0.6 | |
| } | |
| translation { | |
| address 192.168.0.1 | |
| } | |
| } | |
| } | |
| source { | |
| rule 200 { | |
| description "Hairpin NAT for Home Assistant" | |
| destination { | |
| address 192.168.0.7 | |
| port 8123 | |
| } | |
| outbound-interface eth1 | |
| protocol tcp | |
| source { | |
| address 192.168.0.0/24 | |
| } | |
| translation { | |
| address masquerade | |
| } | |
| } | |
| rule 210 { | |
| description "Hairpin NAT for Micro Services" | |
| destination { | |
| address 192.168.0.5 | |
| port 22,80,443,5001,8920 | |
| } | |
| outbound-interface eth1 | |
| protocol tcp | |
| source { | |
| address 192.168.0.0/24 | |
| } | |
| translation { | |
| address masquerade | |
| } | |
| } | |
| rule 220 { | |
| description "Hairpin NAT for Wifi Management" | |
| destination { | |
| address 192.168.0.3 | |
| port 8443 | |
| } | |
| outbound-interface eth1 | |
| protocol tcp | |
| source { | |
| address 192.168.0.0/24 | |
| } | |
| translation { | |
| address masquerade | |
| } | |
| } | |
| rule 230 { | |
| description "Hairpin NAT for Mosh Shell on Micro" | |
| destination { | |
| address 192.168.0.5 | |
| port 60000-60010 | |
| } | |
| outbound-interface eth1 | |
| protocol udp | |
| source { | |
| address 192.168.0.0/24 | |
| } | |
| translation { | |
| address masquerade | |
| } | |
| } | |
| rule 1000 { | |
| description "Default NAT Rule for Internet Access" | |
| outbound-interface pppoe0 | |
| translation { | |
| address masquerade | |
| } | |
| } | |
| } | |
| } | |
| policy { | |
| prefix-list sams-routes { | |
| rule 1 { | |
| action permit | |
| prefix 10.1.1.0/24 | |
| } | |
| } | |
| prefix-list tims-routes { | |
| rule 1 { | |
| action permit | |
| prefix 192.168.0.0/24 | |
| } | |
| } | |
| route-map rm-static-to-bgp { | |
| rule 10 { | |
| action permit | |
| description "Local MuppetLAN Subnet" | |
| match { | |
| ip { | |
| address { | |
| prefix-list tims-routes | |
| } | |
| } | |
| } | |
| } | |
| rule 100 { | |
| action deny | |
| description "Default Deny" | |
| } | |
| } | |
| } | |
| protocols { | |
| bgp 64590 { | |
| address-family { | |
| ipv4-unicast { | |
| redistribute { | |
| connected { | |
| route-map rm-static-to-bgp | |
| } | |
| } | |
| } | |
| } | |
| neighbor 10.89.90.1 { | |
| address-family { | |
| ipv4-unicast { | |
| nexthop-self { | |
| } | |
| prefix-list { | |
| export tims-routes | |
| import sams-routes | |
| } | |
| soft-reconfiguration { | |
| inbound | |
| } | |
| } | |
| } | |
| description "Sams Router" | |
| password **************** | |
| remote-as 64589 | |
| } | |
| parameters { | |
| log-neighbor-changes | |
| router-id 10.89.90.2 | |
| } | |
| } | |
| static { | |
| route 10.0.0.0/8 { | |
| next-hop 192.168.0.15 { | |
| } | |
| } | |
| route 100.64.0.0/10 { | |
| next-hop 192.168.0.15 { | |
| } | |
| } | |
| route 103.8.143.135/32 { | |
| next-hop 192.168.0.15 { | |
| } | |
| } | |
| route 202.74.33.6/32 { | |
| next-hop 192.168.0.15 { | |
| } | |
| } | |
| route 202.137.240.52/32 { | |
| next-hop 192.168.0.15 { | |
| } | |
| } | |
| route 203.92.25.107/32 { | |
| next-hop 192.168.0.15 { | |
| } | |
| } | |
| } | |
| } | |
| service { | |
| dhcp-server { | |
| shared-network-name MuppetLAN { | |
| authoritative | |
| description "MuppetLAN DHCP Server" | |
| subnet 192.168.0.0/24 { | |
| default-router 192.168.0.1 | |
| domain-name muppetz.com | |
| domain-search muppetz.com | |
| lease 86400 | |
| name-server 192.168.0.6 | |
| ntp-server 192.168.0.1 | |
| range MuppetLANDynamic { | |
| start 192.168.0.150 | |
| stop 192.168.0.240 | |
| } | |
| static-mapping Beths-iPad { | |
| ip-address 192.168.0.113 | |
| mac-address f0:76:6f:41:6e:1c | |
| } | |
| static-mapping appletv { | |
| ip-address 192.168.0.101 | |
| mac-address 50:32:37:ba:62:79 | |
| } | |
| static-mapping beths-chromebook { | |
| ip-address 192.168.0.125 | |
| mac-address 90:0f:0c:f1:a5:4b | |
| } | |
| static-mapping beths-ipad { | |
| ip-address 192.168.0.127 | |
| mac-address f0:2f:4b:1a:4f:21 | |
| } | |
| static-mapping camera1 { | |
| ip-address 192.168.0.11 | |
| mac-address 78:11:dc:70:b9:4d | |
| static-mapping-parameters "option domain-name-servers 192.168.0.1;" | |
| } | |
| static-mapping camera2 { | |
| ip-address 192.168.0.12 | |
| mac-address 78:11:dc:70:b7:4f | |
| static-mapping-parameters "option domain-name-servers 192.168.0.1;" | |
| } | |
| static-mapping canon-printer { | |
| ip-address 192.168.0.60 | |
| mac-address 34:9f:7b:c9:36:12 | |
| } | |
| static-mapping carport-ap { | |
| ip-address 192.168.0.24 | |
| mac-address b4:fb:e4:70:ce:58 | |
| } | |
| static-mapping chatterbox { | |
| ip-address 192.168.0.10 | |
| mac-address b0:fa:eb:31:ef:3e | |
| } | |
| static-mapping daisys-chromebook { | |
| ip-address 192.168.0.130 | |
| mac-address 34:7d:f6:0c:e3:e2 | |
| } | |
| static-mapping daisysipad { | |
| ip-address 192.168.0.129 | |
| mac-address 52:77:34:96:33:96 | |
| } | |
| static-mapping hb { | |
| ip-address 192.168.0.14 | |
| mac-address 2c:3a:e8:39:0b:33 | |
| } | |
| static-mapping imac { | |
| ip-address 192.168.0.116 | |
| mac-address 38:f9:d3:de:45:5a | |
| } | |
| static-mapping ir-blaster-bedroom { | |
| ip-address 192.168.0.27 | |
| mac-address 78:0f:77:d8:f3:b4 | |
| } | |
| static-mapping kitchen-ap { | |
| ip-address 192.168.0.21 | |
| mac-address fc:ec:da:f0:44:20 | |
| } | |
| static-mapping kitchen-cca { | |
| ip-address 192.168.0.115 | |
| mac-address 54:60:09:e0:e3:40 | |
| } | |
| static-mapping lounge-ap { | |
| ip-address 192.168.0.22 | |
| mac-address 74:83:c2:c6:59:c6 | |
| } | |
| static-mapping micro { | |
| ip-address 192.168.0.5 | |
| mac-address 12:d7:8e:70:a7:b1 | |
| } | |
| static-mapping mikrotik { | |
| ip-address 192.168.0.4 | |
| mac-address 00:0c:42:a5:68:60 | |
| } | |
| static-mapping nownz-laptop { | |
| ip-address 192.168.0.123 | |
| mac-address 90:cc:df:1b:d6:68 | |
| } | |
| static-mapping office-aircon { | |
| ip-address 192.168.0.16 | |
| mac-address a0:c9:a0:08:93:3e | |
| } | |
| static-mapping oldipad { | |
| ip-address 192.168.0.112 | |
| mac-address 9c:04:eb:90:99:5c | |
| } | |
| static-mapping peters-old-ipad { | |
| ip-address 192.168.0.124 | |
| mac-address 5c:97:f3:a8:bb:18 | |
| } | |
| static-mapping pixel { | |
| ip-address 192.168.0.105 | |
| mac-address ac:37:43:a6:4c:95 | |
| } | |
| static-mapping pixel-7-pro { | |
| ip-address 192.168.0.128 | |
| mac-address d4:3a:2c:96:3a:cb | |
| } | |
| static-mapping pool-aircon { | |
| ip-address 192.168.0.26 | |
| mac-address 34:ea:e7:f5:9e:b2 | |
| } | |
| static-mapping poolshed-ap { | |
| ip-address 192.168.0.25 | |
| mac-address 78:8a:20:70:d9:36 | |
| } | |
| static-mapping ring-carport { | |
| ip-address 192.168.0.28 | |
| mac-address 9c:76:13:19:57:f1 | |
| } | |
| static-mapping ring-floodlight { | |
| ip-address 192.168.0.13 | |
| mac-address d4:36:39:a9:ea:46 | |
| } | |
| static-mapping sarah-hbrc-laptop { | |
| ip-address 192.168.0.133 | |
| mac-address 68:54:5a:ba:dc:4f | |
| static-mapping-parameters "option domain-name-servers 192.168.0.1;" | |
| } | |
| static-mapping shed-ap { | |
| ip-address 192.168.0.23 | |
| mac-address 78:8a:20:48:bb:69 | |
| } | |
| static-mapping spitfire { | |
| ip-address 192.168.0.2 | |
| mac-address f0:9f:c2:c4:28:c6 | |
| } | |
| static-mapping thinky { | |
| ip-address 192.168.0.120 | |
| mac-address 9c:2a:70:88:0f:2d | |
| } | |
| static-mapping tiltpi { | |
| ip-address 192.168.0.18 | |
| mac-address b8:27:eb:9b:73:b9 | |
| } | |
| static-mapping tims-macbook { | |
| ip-address 192.168.0.131 | |
| mac-address 6c:7e:67:cd:31:6f | |
| } | |
| static-mapping tims-mac-mini { | |
| ip-address 192.168.0.132 | |
| mac-address 20:a5:cb:d4:22:b0 | |
| } | |
| static-mapping tv { | |
| ip-address 192.168.0.99 | |
| mac-address 38:2c:4a:0e:e9:bb | |
| } | |
| static-mapping upstairs-ap { | |
| ip-address 192.168.0.20 | |
| mac-address 78:8a:20:48:bb:8d | |
| } | |
| } | |
| } | |
| } | |
| dns { | |
| forwarding { | |
| allow-from 192.168.0.0/16 | |
| cache-size 32768 | |
| dnssec off | |
| listen-address 192.168.0.1 | |
| name-server 202.137.240.39 | |
| name-server 202.137.240.40 | |
| } | |
| } | |
| snmp { | |
| community VeryLargeDancingSpaceChickens { | |
| authorization ro | |
| client 127.0.0.1 | |
| network 192.168.0.0/16 | |
| } | |
| contact "Tim Harman - [email protected]" | |
| location "10 Jervois Road, Jervoistown" | |
| } | |
| ssh { | |
| access-control { | |
| allow { | |
| user tim | |
| } | |
| } | |
| client-keepalive-interval 60 | |
| listen-address 192.168.0.1 | |
| listen-address 192.168.10.1 | |
| } | |
| } | |
| system { | |
| config-management { | |
| commit-revisions 100 | |
| } | |
| conntrack { | |
| hash-size 65536 | |
| modules { | |
| ftp | |
| pptp | |
| } | |
| table-size 524288 | |
| } | |
| console { | |
| device ttyS0 { | |
| speed 115200 | |
| } | |
| } | |
| domain-name muppetz.com | |
| host-name ferrari | |
| ip { | |
| arp { | |
| table-size 1024 | |
| } | |
| } | |
| login { | |
| banner { | |
| post-login "Ferrari - Vyos" | |
| } | |
| user tim { | |
| authentication { | |
| encrypted-password **************** | |
| public-keys JuiceSSH { | |
| key **************** | |
| type ecdsa-sha2-nistp384 | |
| } | |
| public-keys micro { | |
| key **************** | |
| type ssh-rsa | |
| } | |
| public-keys tim { | |
| key **************** | |
| type ssh-ed25519 | |
| } | |
| } | |
| full-name "Tim Harman" | |
| } | |
| } | |
| name-server 192.168.0.1 | |
| ntp { | |
| allow-clients { | |
| address 192.168.0.0/16 | |
| } | |
| listen-address 192.168.0.1 | |
| server p1.ntp.net.nz { | |
| } | |
| server p2.ntp.net.nz { | |
| } | |
| server p3.ntp.net.nz { | |
| } | |
| server p4.ntp.net.nz { | |
| } | |
| } | |
| option { | |
| ctrl-alt-delete ignore | |
| http-client { | |
| source-interface pppoe0 | |
| } | |
| reboot-on-panic | |
| startup-beep | |
| } | |
| static-host-mapping { | |
| host-name adguard.muppetz.com { | |
| inet 192.168.0.6 | |
| } | |
| host-name appletv.muppetz.com { | |
| inet 192.168.0.101 | |
| } | |
| host-name bobo.muppetz.com { | |
| inet 192.168.10.5 | |
| } | |
| host-name camera1.muppetz.com { | |
| inet 192.168.0.11 | |
| } | |
| host-name camera2.muppetz.com { | |
| inet 192.168.0.12 | |
| } | |
| host-name canon-printer.muppetz.com { | |
| alias canon-printer | |
| inet 192.168.0.60 | |
| } | |
| host-name carport-ap.muppetz.com { | |
| inet 192.168.0.24 | |
| } | |
| host-name chatterbox.muppetz.com { | |
| inet 192.168.0.10 | |
| } | |
| host-name chromecast.muppetz.com { | |
| inet 192.168.0.102 | |
| } | |
| host-name contacts.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name droid.muppetz.com { | |
| inet 192.168.0.114 | |
| } | |
| host-name fenix6pro.muppetz.com { | |
| inet 192.168.0.118 | |
| } | |
| host-name gallery.tjharman.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name ha.muppetz.com { | |
| inet 192.168.0.7 | |
| } | |
| host-name hb.muppetz.com { | |
| inet 192.168.0.14 | |
| } | |
| host-name kitchen-ap.muppetz.com { | |
| inet 192.168.0.21 | |
| } | |
| host-name kitchen-cca { | |
| inet 192.168.0.115 | |
| } | |
| host-name kitchentv.muppetz.com { | |
| inet 192.168.0.103 | |
| } | |
| host-name lice.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name lounge-ap.muppetz.com { | |
| inet 192.168.0.22 | |
| } | |
| host-name mail.muppetz.com { | |
| inet 192.168.10.2 | |
| } | |
| host-name max.muppetz.com { | |
| inet 192.168.0.247 | |
| } | |
| host-name micro.muppetz.com { | |
| alias micro | |
| inet 192.168.0.5 | |
| } | |
| host-name mikrotik.muppetz.com { | |
| inet 192.168.0.4 | |
| } | |
| host-name mqtt.muppetz.com { | |
| inet 192.168.0.7 | |
| } | |
| host-name now-laptop.muppetz.com { | |
| alias now-laptop | |
| inet 192.168.10.22 | |
| } | |
| host-name office-aircon.muppetz.com { | |
| inet 192.168.0.16 | |
| } | |
| host-name oldipad.muppetz.com { | |
| inet 192.168.0.112 | |
| } | |
| host-name orbit.muppetz.com { | |
| inet 192.168.0.248 | |
| } | |
| host-name poolshed-ap.muppetz.com { | |
| inet 192.168.0.25 | |
| } | |
| host-name radio.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name reader.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name ring-carport.muppetz.com { | |
| inet 192.168.0.28 | |
| } | |
| host-name ring-floodlight.muppetz.com { | |
| inet 192.168.0.13 | |
| } | |
| host-name ring.muppetz.com { | |
| inet 192.168.0.9 | |
| } | |
| host-name router.muppetz.com { | |
| inet 192.168.0.1 | |
| } | |
| host-name rspamd.muppetz.com { | |
| inet 192.168.10.2 | |
| } | |
| host-name search.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name shed-ap.muppetz.com { | |
| inet 192.168.0.23 | |
| } | |
| host-name spitfire.muppetz.com { | |
| inet 192.168.0.2 | |
| } | |
| host-name sync.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name tasks.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name thinky.muppetz.com { | |
| inet 192.168.0.120 | |
| } | |
| host-name tilt.pi { | |
| inet 192.168.0.18 | |
| } | |
| host-name time.muppetz.com { | |
| inet 192.168.0.1 | |
| } | |
| host-name tjharman.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name tv.muppetz.com { | |
| inet 192.168.0.99 | |
| } | |
| host-name upstairs-ap.muppetz.com { | |
| inet 192.168.0.20 | |
| } | |
| host-name vpn.muppetz.com { | |
| inet 192.168.0.1 | |
| } | |
| host-name wb.muppetz.com { | |
| inet 192.168.0.5 | |
| } | |
| host-name wifi.muppetz.com { | |
| inet 192.168.0.3 | |
| } | |
| host-name zabbix.muppetz.com { | |
| inet 192.168.0.253 | |
| } | |
| } | |
| sysctl { | |
| custom net.core.default_qdisc { | |
| value fq | |
| } | |
| custom net.ipv4.tcp_congestion_control { | |
| value bbr | |
| } | |
| } | |
| syslog { | |
| global { | |
| facility all { | |
| level info | |
| } | |
| } | |
| host 192.168.0.5 { | |
| facility all { | |
| level debug | |
| protocol udp | |
| } | |
| } | |
| } | |
| task-scheduler { | |
| task Update-Blacklists { | |
| executable { | |
| path /config/scripts/updBlackList.sh | |
| } | |
| interval 3h | |
| } | |
| task configbackup { | |
| executable { | |
| path /config/scripts/restic-backup | |
| } | |
| interval 1d | |
| } | |
| task fstrim { | |
| executable { | |
| arguments "/sbin/fstrim -a" | |
| path /bin/sudo | |
| } | |
| interval 7d | |
| } | |
| } | |
| time-zone Pacific/Auckland | |
| } | |
| traffic-policy { | |
| shaper pppoe-in { | |
| bandwidth 710mbit | |
| class 5 { | |
| bandwidth 4% | |
| burst 2mb | |
| description "TCP SYN/ACK" | |
| match tiny4 { | |
| ip { | |
| tcp { | |
| ack | |
| syn | |
| } | |
| } | |
| } | |
| priority 0 | |
| queue-limit 100 | |
| queue-type fq-codel | |
| } | |
| class 10 { | |
| bandwidth 1% | |
| burst 1mb | |
| description "DNS Traffic" | |
| match dns { | |
| ip { | |
| protocol udp | |
| source { | |
| port 53 | |
| } | |
| } | |
| } | |
| priority 1 | |
| queue-limit 100 | |
| queue-type fq-codel | |
| } | |
| default { | |
| bandwidth 95% | |
| burst 15k | |
| ceiling 100% | |
| codel-quantum 8000 | |
| priority 7 | |
| queue-type fq-codel | |
| } | |
| } | |
| shaper pppoe-out { | |
| bandwidth 450mbit | |
| class 5 { | |
| bandwidth 4% | |
| burst 2mb | |
| description "TCP SYN/ACK" | |
| match tiny4 { | |
| ip { | |
| tcp { | |
| ack | |
| syn | |
| } | |
| } | |
| } | |
| priority 0 | |
| queue-limit 50 | |
| queue-type fq-codel | |
| } | |
| class 10 { | |
| bandwidth 1% | |
| burst 1mb | |
| description "DNS Traffic" | |
| match dns { | |
| ip { | |
| destination { | |
| port 53 | |
| } | |
| protocol udp | |
| } | |
| } | |
| priority 1 | |
| queue-limit 50 | |
| queue-type fq-codel | |
| } | |
| default { | |
| bandwidth 95% | |
| burst 15k | |
| ceiling 100% | |
| codel-quantum 8000 | |
| priority 7 | |
| queue-type fq-codel | |
| } | |
| description "450Mbps Out via PPPoE" | |
| } | |
| } |