@stevejenkins
Last active February 24, 2024 04:47
Revisions

  1. stevejenkins revised this gist Jan 26, 2017. 1 changed file with 1 addition and 518 deletions.
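--- a/config.boot for Google Fiber + TV + ER-Lite
+++ b/config.boot for Google Fiber + TV + ER-Lite
@@ -1,518 +1 @@
-firewall {
-all-ping enable
-broadcast-ping disable
-ipv6-name WAN6_IN {
-default-action drop
-rule 10 {
-action accept
-description "Allow established/related"
-state {
-established enable
-related enable
-}
-}
-rule 20 {
-action drop
-description "Drop invalid state"
-state {
-invalid enable
-}
-}
-rule 30 {
-action accept
-description "Allow ICMPv6"
-log disable
-protocol icmpv6
-}
-}
-ipv6-name WAN6_LOCAL {
-default-action drop
-rule 10 {
-action accept
-description "Allow established/related"
-state {
-established enable
-related enable
-}
-}
-rule 20 {
-action drop
-description "Drop invalid state"
-state {
-invalid enable
-}
-}
-rule 30 {
-action accept
-description "Allow ICMPv6"
-icmpv6 {
-}
-protocol ipv6-icmp
-}
-rule 40 {
-action accept
-description "Allow DHCPv6"
-destination {
-port 546
-}
-protocol udp
-source {
-port 547
-}
-}
-}
-ipv6-name WAN6_OUT {
-default-action accept
-rule 10 {
-action accept
-description "Allow established/related"
-state {
-established enable
-related enable
-}
-}
-rule 20 {
-action reject
-description "Reject invalid state"
-state {
-invalid enable
-}
-}
-}
-ipv6-receive-redirects disable
-ipv6-src-route disable
-ip-src-route disable
-log-martians enable
-name LAN_IN {
-default-action accept
-description "LAN to Internal"
-enable-default-log
-rule 10 {
-action drop
-description "drop invalid state"
-state {
-invalid enable
-}
-}
-}
-name WAN_IN {
-default-action drop
-description "WAN to LAN"
-enable-default-log
-rule 10 {
-action accept
-description "Allow Multicast"
-destination {
-address 224.0.0.0/4
-}
-log disable
-}
-rule 20 {
-action accept
-description "Allow established/related"
-log disable
-state {
-established enable
-invalid disable
-new disable
-related enable
-}
-}
-rule 30 {
-action accept
-description "Allow UDP to Multicast"
-destination {
-address 224.0.0.0/4
-}
-log disable
-protocol udp
-state {
-invalid enable
-new enable
-}
-}
-rule 40 {
-action accept
-description "Allow ICMP"
-log disable
-protocol icmp
-state {
-established enable
-related enable
-}
-}
-rule 50 {
-action accept
-description "Allow IGMP"
-log disable
-protocol igmp
-}
-rule 100 {
-action drop
-description "Drop invalid state"
-log disable
-protocol all
-state {
-established disable
-invalid enable
-new disable
-related disable
-}
-}
-}
-name WAN_LOCAL {
-default-action drop
-description "WAN to Router"
-enable-default-log
-rule 10 {
-action accept
-description "Allow established/related"
-state {
-established enable
-related enable
-}
-}
-rule 20 {
-action accept
-description "Port Forward - Router SSH"
-destination {
-address 192.168.1.1
-port 22
-}
-log disable
-protocol tcp
-time {
-}
-}
-rule 30 {
-action accept
-description "Port Forward - Router HTTPS"
-destination {
-address 192.168.1.1
-port 443
-}
-log disable
-protocol tcp
-}
-rule 40 {
-action accept
-description "Allow Multicast"
-destination {
-address 224.0.0.0/4
-}
-log disable
-}
-rule 100 {
-action drop
-description "Drop invalid state"
-log enable
-protocol all
-state {
-established disable
-invalid enable
-new disable
-related disable
-}
-}
-}
-name WAN_OUT {
-default-action accept
-description "Internal to WAN"
-enable-default-log
-rule 10 {
-action accept
-description "Allow established/related"
-log disable
-state {
-established enable
-related enable
-}
-}
-rule 20 {
-action reject
-description "Reject invalid state"
-log enable
-state {
-invalid enable
-}
-}
-}
-options {
-mss-clamp {
-interface-type all
-mss 1460
-}
-}
-receive-redirects disable
-send-redirects enable
-source-validation disable
-syn-cookies enable
-}
-interfaces {
-ethernet eth0 {
-address 192.168.1.1/24
-description LAN
-duplex auto
-firewall {
-in {
-name LAN_IN
-}
-}
-speed auto
-vif 102 {
-address 10.0.0.1/24
-description "Guest Network VLAN"
-mtu 1500
-}
-}
-ethernet eth1 {
-description "Google Fiber Jack"
-duplex auto
-speed auto
-vif 2 {
-address dhcp
-description "Google Fiber WAN"
-dhcpv6-pd {
-pd 0 {
-interface eth0 {
-host-address ::1
-prefix-id :0
-service slaac
-}
-interface eth0.102 {
-host-address ::1
-prefix-id :1
-service slaac
-}
-interface eth2 {
-host-address ::1
-prefix-id :2
-service slaac
-}
-prefix-length /56
-}
-rapid-commit enable
-}
-egress-qos 0:3
-firewall {
-in {
-ipv6-name WAN6_IN
-name WAN_IN
-}
-local {
-ipv6-name WAN6_LOCAL
-name WAN_LOCAL
-}
-out {
-ipv6-name WAN6_OUT
-name WAN_OUT
-}
-}
-}
-}
-ethernet eth2 {
-address 192.168.3.1/24
-description "Local Config Port"
-duplex auto
-firewall {
-in {
-name LAN_IN
-}
-}
-speed auto
-}
-loopback lo {
-}
-}
-port-forward {
-auto-firewall enable
-hairpin-nat enable
-lan-interface eth0
-rule 10 {
-description "Router SSH"
-forward-to {
-address 192.168.1.1
-port 22
-}
-original-port 2222
-protocol tcp_udp
-}
-rule 20 {
-description "Router HTTPS"
-forward-to {
-address 192.168.1.1
-port 443
-}
-original-port 8080
-protocol tcp_udp
-}
-wan-interface eth1.2
-}
-protocols {
-igmp-proxy {
-interface eth0 {
-alt-subnet 192.168.1.1/24
-role downstream
-threshold 1
-}
-interface eth1.2 {
-alt-subnet 10.0.0.0/8
-role upstream
-threshold 1
-}
-}
-}
-service {
-dhcp-server {
-disabled false
-hostfile-update enable
-shared-network-name Guest {
-authoritative disable
-subnet 10.0.0.0/24 {
-default-router 10.0.0.1
-dns-server 8.8.8.8
-dns-server 8.8.4.4
-domain-name guest.example.com
-lease 86400
-start 10.0.0.10 {
-stop 10.0.0.199
-}
-}
-}
-shared-network-name LAN {
-authoritative disable
-subnet 192.168.1.0/24 {
-default-router 192.168.1.1
-dns-server 192.168.1.1
-dns-server 8.8.8.8
-dns-server 8.8.4.4
-domain-name example.com
-lease 86400
-start 192.168.1.101 {
-stop 192.168.1.254
-}
-}
-}
-shared-network-name LAN2 {
-authoritative disable
-subnet 192.168.3.0/24 {
-default-router 192.168.3.1
-dns-server 8.8.8.8
-dns-server 8.8.4.4
-lease 86400
-start 192.168.3.101 {
-stop 192.168.3.255
-}
-}
-}
-use-dnsmasq disable
-}
-dns {
-forwarding {
-cache-size 500
-listen-on eth0
-name-server 2001:4860:4860::8888
-name-server 2001:4860:4860::8844
-name-server 8.8.8.8
-name-server 8.8.4.4
-}
-}
-gui {
-http-port 80
-https-port 443
-older-ciphers enable
-}
-nat {
-rule 5000 {
-description "Masquerade for WAN"
-log disable
-outbound-interface eth1.2
-protocol all
-type masquerade
-}
-}
-ssh {
-port 22
-protocol-version v2
-}
-upnp2 {
-listen-on eth0
-nat-pmp disable
-secure-mode enable
-wan eth1.2
-}
-}
-system {
-host-name UBNT-gateway
-login {
-user ubnt {
-authentication {
-encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
-plaintext-password ""
-}
-full-name "UBNT Admin"
-level admin
-}
-}
-name-server 2001:4860:4860::8888
-name-server 2001:4860:4860::8844
-name-server 8.8.8.8
-name-server 8.8.4.4
-ntp {
-server 0.ubnt.pool.ntp.org {
-}
-server 1.ubnt.pool.ntp.org {
-}
-server 2.ubnt.pool.ntp.org {
-}
-server 3.ubnt.pool.ntp.org {
-}
-}
-offload {
-hwnat disable
-ipsec enable
-ipv4 {
-forwarding enable
-vlan enable
-}
-ipv6 {
-forwarding enable
-vlan enable
-}
-}
-package {
-repository debian {
-components main
-distribution wheezy
-password ""
-url http://ftp.us.debian.org/debian
-username ""
-}
-repository wheezy {
-components "main contrib non-free"
-distribution wheezy
-password ""
-url http://http.us.debian.org/debian
-username ""
-}
-}
-syslog {
-global {
-facility all {
-level notice
-}
-facility protocols {
-level debug
-}
-}
-}
-time-zone America/Denver
-traffic-analysis {
-dpi enable
-export enable
-}
-}
-
-/* Warning: Do not remove the following line. */
-/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
-/* Release version: v1.9.0.4901118.160804.1131 */
+Moved to: https://github.com/stevejenkins/Google-Fiber-EdgeRouter-Configs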
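Review bot: Replacing the file with a pointer does not retract what the gist's revision history still exposes: the `system login user ubnt` block with its `encrypted-password` hash stays readable in the deleted lines of this revision and in every earlier one on this page. The hash is an MD5-crypt (`$1$`) value for the device's default admin account, so whatever password it encodes should be treated as disclosed and changed on the router, ideally by replacing the default `ubnt` user with a uniquely named admin account. Any configuration published from here on should have that line redacted before upload, e.g. `encrypted-password <REDACTED>`.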
  2. stevejenkins revised this gist Jan 24, 2017. 1 changed file with 0 additions and 67 deletions.
    67 changes: 0 additions & 67 deletions config.boot for Google Fiber + TV + ER-Lite
    @@ -95,73 +95,6 @@ firewall {
    }
    }
    }
    name WAN_IN {
    default-action drop
    description "WAN to Internal"
    enable-default-log
    rule 10 {
    action accept
    description "Allow established/related"
    log disable
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action drop
    description "Drop invalid state"
    log enable
    state {
    invalid enable
    }
    }
    }
    name WAN_LOCAL {
    default-action drop
    description "WAN to Router"
    enable-default-log
    rule 10 {
    action accept
    description "Allow established/related"
    log disable
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action drop
    description "Drop invalid state"
    log enable
    protocol all
    state {
    invalid enable
    }
    }
    rule 30 {
    action accept
    description "Allow ICMP"
    log disable
    protocol icmp
    }
    rule 40 {
    action accept
    description "Port Forward - Router SSH"
    destination {
    address 192.168.1.1
    port 22
    }
    log disable
    protocol tcp
    }
    rule 50 {
    action accept
    description "Port Forward - Router HTTPS"
    destination {
    address 192.168.1.1
    port 443
    }
    name WAN_IN {
    default-action drop
    description "WAN to LAN"
  3. stevejenkins revised this gist Jan 22, 2017. No changes.
  4. stevejenkins renamed this gist Jan 22, 2017. 1 changed file with 130 additions and 0 deletions.
    @@ -162,8 +162,124 @@ firewall {
    address 192.168.1.1
    port 443
    }
    name WAN_IN {
    default-action drop
    description "WAN to LAN"
    enable-default-log
    rule 10 {
    action accept
    description "Allow Multicast"
    destination {
    address 224.0.0.0/4
    }
    log disable
    }
    rule 20 {
    action accept
    description "Allow established/related"
    log disable
    state {
    established enable
    invalid disable
    new disable
    related enable
    }
    }
    rule 30 {
    action accept
    description "Allow UDP to Multicast"
    destination {
    address 224.0.0.0/4
    }
    log disable
    protocol udp
    state {
    invalid enable
    new enable
    }
    }
    rule 40 {
    action accept
    description "Allow ICMP"
    log disable
    protocol icmp
    state {
    established enable
    related enable
    }
    }
    rule 50 {
    action accept
    description "Allow IGMP"
    log disable
    protocol igmp
    }
    rule 100 {
    action drop
    description "Drop invalid state"
    log disable
    protocol all
    state {
    established disable
    invalid enable
    new disable
    related disable
    }
    }
    }
    name WAN_LOCAL {
    default-action drop
    description "WAN to Router"
    enable-default-log
    rule 10 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action accept
    description "Port Forward - Router SSH"
    destination {
    address 192.168.1.1
    port 22
    }
    log disable
    protocol tcp
    time {
    }
    }
    rule 30 {
    action accept
    description "Port Forward - Router HTTPS"
    destination {
    address 192.168.1.1
    port 443
    }
    log disable
    protocol tcp
    }
    rule 40 {
    action accept
    description "Allow Multicast"
    destination {
    address 224.0.0.0/4
    }
    log disable
    }
    rule 100 {
    action drop
    description "Drop invalid state"
    log enable
    protocol all
    state {
    established disable
    invalid enable
    new disable
    related disable
    }
    }
    }
    name WAN_OUT {
    @@ -299,6 +415,20 @@ port-forward {
    }
    wan-interface eth1.2
    }
    protocols {
    igmp-proxy {
    interface eth0 {
    alt-subnet 192.168.1.1/24
    role downstream
    threshold 1
    }
    interface eth1.2 {
    alt-subnet 10.0.0.0/8
    role upstream
    threshold 1
    }
    }
    }
    service {
    dhcp-server {
    disabled false
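Review bot: The `name WAN_IN` and `name WAN_LOCAL` blocks added in the first hunk reuse ruleset names the file already defines further up (the older `WAN_IN`/`WAN_LOCAL` blocks are outside this hunk; the Jan 24 revision on this page deletes them later), and how the loader merges two same-named rulesets is not something to rely on, so the old blocks should be removed in the same change. Inside the new `WAN_IN`, rule 10 accepts any protocol to `224.0.0.0/4` with no state match, which makes rule 30 (`Allow UDP to Multicast`) unreachable; either narrow rule 10 with `protocol udp` or drop rule 30. Rule 50 accepts IGMP from any WAN source; if it exists only for the `igmp-proxy` upstream added in the second hunk, a `source { address <PROVIDER-RANGE-PLACEHOLDER> }` match would keep it from being a general-purpose opening. The empty `time { }` under `WAN_LOCAL` rule 20 is leftover noise and can go.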
  5. stevejenkins revised this gist Jan 21, 2017. 1 changed file with 0 additions and 2 deletions.
    2 changes: 0 additions & 2 deletions config.boot for Google Fiber + ER-Lite
    @@ -164,8 +164,6 @@ firewall {
    }
    log disable
    protocol tcp
    source {
    }
    }
    }
    name WAN_OUT {
  6. stevejenkins renamed this gist Jan 8, 2017. 1 changed file with 0 additions and 0 deletions.
  7. stevejenkins revised this gist Jan 8, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions config.boot for Google Fiber + ERL
    @@ -149,7 +149,7 @@ firewall {
    action accept
    description "Port Forward - Router SSH"
    destination {
    address 192.168.0.1
    address 192.168.1.1
    port 22
    }
    log disable
    @@ -159,7 +159,7 @@ firewall {
    action accept
    description "Port Forward - Router HTTPS"
    destination {
    address 192.168.0.1
    address 192.168.1.1
    port 443
    }
    log disable
  8. stevejenkins revised this gist Jan 8, 2017. 1 changed file with 50 additions and 6 deletions.
    56 changes: 50 additions & 6 deletions config.boot for Google Fiber + ERL
    @@ -61,7 +61,7 @@ firewall {
    }
    }
    }
    ipv6-name WAN6_OUT {
    ipv6-name WAN6_OUT {
    default-action accept
    rule 10 {
    action accept
    @@ -117,7 +117,7 @@ firewall {
    }
    }
    }
    name WAN_LOCAL {
    name WAN_LOCAL {
    default-action drop
    description "WAN to Router"
    enable-default-log
    @@ -145,6 +145,28 @@ firewall {
    log disable
    protocol icmp
    }
    rule 40 {
    action accept
    description "Port Forward - Router SSH"
    destination {
    address 192.168.0.1
    port 22
    }
    log disable
    protocol tcp
    }
    rule 50 {
    action accept
    description "Port Forward - Router HTTPS"
    destination {
    address 192.168.0.1
    port 443
    }
    log disable
    protocol tcp
    source {
    }
    }
    }
    name WAN_OUT {
    default-action accept
    @@ -234,6 +256,10 @@ interfaces {
    ipv6-name WAN6_LOCAL
    name WAN_LOCAL
    }
    out {
    ipv6-name WAN6_OUT
    name WAN_OUT
    }
    }
    }
    }
    @@ -255,6 +281,24 @@ port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth0
    rule 10 {
    description "Router SSH"
    forward-to {
    address 192.168.1.1
    port 22
    }
    original-port 2222
    protocol tcp_udp
    }
    rule 20 {
    description "Router HTTPS"
    forward-to {
    address 192.168.1.1
    port 443
    }
    original-port 8080
    protocol tcp_udp
    }
    wan-interface eth1.2
    }
    service {
    @@ -267,7 +311,7 @@ service {
    default-router 10.0.0.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    domain-name guest.example.org
    domain-name guest.example.com
    lease 86400
    start 10.0.0.10 {
    stop 10.0.0.199
    @@ -281,7 +325,7 @@ service {
    dns-server 192.168.1.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    domain-name example.org
    domain-name example.com
    lease 86400
    start 192.168.1.101 {
    stop 192.168.1.254
    @@ -304,7 +348,7 @@ service {
    }
    dns {
    forwarding {
    cache-size 1000
    cache-size 500
    listen-on eth0
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    @@ -333,7 +377,7 @@ service {
    upnp2 {
    listen-on eth0
    nat-pmp disable
    secure-mode disable
    secure-mode enable
    wan eth1.2
    }
    }
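Review bot: The new `WAN_LOCAL` rules 40 and 50 (third hunk) accept traffic to `192.168.0.1`, but the router's LAN address and the `forward-to` address in the new `port-forward` rules are `192.168.1.1`, so these accept rules never match the DNAT'd packets; the destination should read `address 192.168.1.1` in both (with `auto-firewall enable` set, the explicit rules may be redundant anyway). The bigger concern is that the port-forward rules publish the router's own SSH and HTTPS management ports (as 2222 and 8080) to the entire Internet with no source restriction — rule 50's `source { }` is empty — and with `protocol tcp_udp` although both services are TCP-only. If remote management is genuinely required, constrain the rules with `source { address <ADMIN-RANGE-PLACEHOLDER> }` and `protocol tcp`, or reach the router over a VPN instead of exposing the management plane directly.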
  9. stevejenkins revised this gist Dec 24, 2016. 1 changed file with 79 additions and 23 deletions.
    102 changes: 79 additions & 23 deletions config.boot for Google Fiber + ERL
    @@ -60,6 +60,24 @@ firewall {
    port 547
    }
    }
    }
    ipv6-name WAN6_OUT {
    default-action accept
    rule 10 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action reject
    description "Reject invalid state"
    state {
    invalid enable
    }
    }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    @@ -99,17 +117,40 @@ firewall {
    }
    }
    }
    name WAN_LOCAL {
    name WAN_LOCAL {
    default-action drop
    description "WAN to Router"
    enable-default-log
    rule 10 {
    action accept
    description "Allow established/related"
    log disable
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action drop
    description "Drop invalid state"
    log enable
    protocol all
    state {
    invalid enable
    }
    }
    rule 30 {
    action accept
    description "Allow ICMP"
    log disable
    protocol icmp
    }
    rule 20 {
    }
    name WAN_OUT {
    default-action accept
    description "Internal to WAN"
    enable-default-log
    rule 10 {
    action accept
    description "Allow established/related"
    log disable
    @@ -118,11 +159,10 @@ firewall {
    related enable
    }
    }
    rule 30 {
    action drop
    description "Drop invalid state"
    rule 20 {
    action reject
    description "Reject invalid state"
    log enable
    protocol all
    state {
    invalid enable
    }
    @@ -144,18 +184,17 @@ interfaces {
    address 192.168.1.1/24
    description LAN
    duplex auto
    ipv6 {
    address {
    autoconf
    }
    dup-addr-detect-transmits 1
    }
    firewall {
    in {
    name LAN_IN
    }
    }
    speed auto
    vif 102 {
    address 10.0.0.1/24
    description "Guest Network VLAN"
    mtu 1500
    }
    }
    ethernet eth1 {
    description "Google Fiber Jack"
    @@ -173,12 +212,12 @@ interfaces {
    }
    interface eth0.102 {
    host-address ::1
    prefix-id :2
    prefix-id :1
    service slaac
    }
    interface eth2 {
    host-address ::1
    prefix-id :3
    prefix-id :2
    service slaac
    }
    prefix-length /56
    @@ -222,19 +261,45 @@ service {
    dhcp-server {
    disabled false
    hostfile-update enable
    shared-network-name Guest {
    authoritative disable
    subnet 10.0.0.0/24 {
    default-router 10.0.0.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    domain-name guest.example.org
    lease 86400
    start 10.0.0.10 {
    stop 10.0.0.199
    }
    }
    }
    shared-network-name LAN {
    authoritative disable
    subnet 192.168.1.0/24 {
    default-router 192.168.1.1
    dns-server 192.168.1.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    domain-name example.org
    lease 86400
    start 192.168.1.101 {
    stop 192.168.1.254
    }
    }
    }
    shared-network-name LAN2 {
    authoritative disable
    subnet 192.168.3.0/24 {
    default-router 192.168.3.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    lease 86400
    start 192.168.3.101 {
    stop 192.168.3.255
    }
    }
    }
    use-dnsmasq disable
    }
    dns {
    @@ -245,7 +310,6 @@ service {
    name-server 2001:4860:4860::8844
    name-server 8.8.8.8
    name-server 8.8.4.4
    system
    }
    }
    gui {
    @@ -289,7 +353,6 @@ system {
    name-server 2001:4860:4860::8844
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 127.0.0.1
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
    @@ -327,13 +390,6 @@ system {
    url http://http.us.debian.org/debian
    username ""
    }
    repository wheezy-security {
    components main
    distribution wheezy/updates
    password ""
    url http://security.debian.org
    username ""
    }
    }
    syslog {
    global {
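Review bot: In the `dhcp-server` hunk the new `LAN2` pool ends at `stop 192.168.3.255`, which is the broadcast address of `subnet 192.168.3.0/24`; a client handed that lease cannot use it, so the range should end at `stop 192.168.3.254` as the `LAN` pool does. The last hunk removes `repository wheezy-security` while leaving both plain `wheezy` repositories in place, so anything installed from them stops receiving security updates; if the Debian sources are kept at all, the security repository belongs with them. The `WAN_LOCAL` rewrite in the second hunk is hard to read as printed here (the trailing `rule 20 {` / `}` fragment looks like a rendering artefact), so I have not reviewed the resulting rule order.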
  10. stevejenkins revised this gist Aug 17, 2016. 1 changed file with 16 additions and 10 deletions.
    26 changes: 16 additions & 10 deletions config.boot for Google Fiber + ERL
    @@ -164,20 +164,26 @@ interfaces {
    vif 2 {
    address dhcp
    description "Google Fiber WAN"
    dhcp-options {
    default-route update
    default-route-distance 210
    name-server no-update
    }
    dhcpv6-pd {
    pd 1 {
    pd 0 {
    interface eth0 {
    prefix-id :0
    service slaac
    host-address ::1
    prefix-id :0
    service slaac
    }
    interface eth0.102 {
    host-address ::1
    prefix-id :2
    service slaac
    }
    interface eth2 {
    host-address ::1
    prefix-id :3
    service slaac
    }
    prefix-length /56
    prefix-length /56
    }
    rapid-commit enable
    rapid-commit enable
    }
    egress-qos 0:3
    firewall {
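Review bot: Removing the `dhcp-options` block from `vif 2` also drops `name-server no-update`, so the router will now install whatever resolvers the WAN DHCP lease advertises alongside the static `name-server` entries under `system` (assuming the platform's default of updating the resolver list from the lease). If the intent was only to drop the route-distance settings while keeping resolution pinned to the configured servers, keep `dhcp-options { name-server no-update }`. The `pd 0` renumbering and the added `host-address ::1` lines are consistent with each other.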
  11. stevejenkins revised this gist Aug 16, 2016. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions config.boot for Google Fiber + ERL
    @@ -235,10 +235,10 @@ service {
    forwarding {
    cache-size 1000
    listen-on eth0
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    name-server 8.8.8.8
    name-server 8.8.4.4
    system
    }
    }
    @@ -279,10 +279,10 @@ system {
    level admin
    }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 127.0.0.1
    ntp {
    server 0.ubnt.pool.ntp.org {
  12. stevejenkins revised this gist Aug 15, 2016. 1 changed file with 6 additions and 6 deletions.
    12 changes: 6 additions & 6 deletions config.boot for Google Fiber + ERL
    @@ -69,7 +69,7 @@ firewall {
    default-action accept
    description "LAN to Internal"
    enable-default-log
    rule 1 {
    rule 10 {
    action drop
    description "drop invalid state"
    state {
    @@ -81,7 +81,7 @@ firewall {
    default-action drop
    description "WAN to Internal"
    enable-default-log
    rule 1 {
    rule 10 {
    action accept
    description "Allow established/related"
    log disable
    @@ -90,7 +90,7 @@ firewall {
    related enable
    }
    }
    rule 2 {
    rule 20 {
    action drop
    description "Drop invalid state"
    log enable
    @@ -103,13 +103,13 @@ firewall {
    default-action drop
    description "WAN to Router"
    enable-default-log
    rule 1 {
    rule 10 {
    action accept
    description "Allow ICMP"
    log disable
    protocol icmp
    }
    rule 2 {
    rule 20 {
    action accept
    description "Allow established/related"
    log disable
    @@ -118,7 +118,7 @@ firewall {
    related enable
    }
    }
    rule 3 {
    rule 30 {
    action drop
    description "Drop invalid state"
    log enable
  13. stevejenkins revised this gist Aug 15, 2016. No changes.
  14. stevejenkins revised this gist Aug 14, 2016. 1 changed file with 6 additions and 0 deletions.
    6 changes: 6 additions & 0 deletions config.boot for Google Fiber + ERL
    @@ -18,6 +18,12 @@ firewall {
    invalid enable
    }
    }
    rule 30 {
    action accept
    description "Allow ICMPv6"
    log disable
    protocol icmpv6
    }
    }
    ipv6-name WAN6_LOCAL {
    default-action drop
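Review bot: The new `WAN6_IN` rule 30 spells the protocol `icmpv6`, while the existing `WAN6_LOCAL` rule 30 (outside this hunk) uses `protocol ipv6-icmp` plus an empty `icmpv6 { }` subtree; assuming both spellings are accepted by the parser, settling on one keeps the two rulesets consistent, and the empty subtree in the other rule is noise. It is also worth deciding whether every ICMPv6 type should be forwarded to LAN hosts; if the platform supports type matching under the `icmpv6` subtree, listing the types hosts actually need (packet-too-big, time-exceeded, parameter-problem, echo) is the tighter form.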
  15. stevejenkins revised this gist Aug 13, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions config.boot for Google Fiber + ERL
    @@ -166,6 +166,7 @@ interfaces {
    dhcpv6-pd {
    pd 1 {
    interface eth0 {
    prefix-id :0
    service slaac
    }
    prefix-length /56
  16. stevejenkins revised this gist Aug 13, 2016. 1 changed file with 7 additions and 1 deletion.
    8 changes: 7 additions & 1 deletion config.boot for Google Fiber + ERL
    @@ -98,6 +98,12 @@ firewall {
    description "WAN to Router"
    enable-default-log
    rule 1 {
    action accept
    description "Allow ICMP"
    log disable
    protocol icmp
    }
    rule 2 {
    action accept
    description "Allow established/related"
    log disable
    @@ -106,7 +112,7 @@ firewall {
    related enable
    }
    }
    rule 2 {
    rule 3 {
    action drop
    description "Drop invalid state"
    log enable
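Review bot: The new `WAN_LOCAL` rule 1 accepts the whole ICMP protocol from any WAN source to the router itself, not just the echo and path-MTU related types, and it sits ahead of the established/related rule so every ICMP packet is evaluated against it first. If the goal is reachability checks and PMTU handling, narrowing the match to those types (if the rule's `icmp` subtree supports it) and placing it after the established/related rule would be the tighter form; `all-ping enable` at the top of the firewall already covers plain echo.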
  17. stevejenkins revised this gist Aug 13, 2016. 1 changed file with 7 additions and 3 deletions.
    10 changes: 7 additions & 3 deletions config.boot for Google Fiber + ERL
    @@ -132,6 +132,12 @@ interfaces {
    address 192.168.1.1/24
    description LAN
    duplex auto
    ipv6 {
    address {
    autoconf
    }
    dup-addr-detect-transmits 1
    }
    firewall {
    in {
    name LAN_IN
    @@ -152,10 +158,8 @@ interfaces {
    name-server no-update
    }
    dhcpv6-pd {
    pd 0 {
    pd 1 {
    interface eth0 {
    host-address ::1
    prefix-id :1
    service slaac
    }
    prefix-length /56
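Review bot: Adding `ipv6 { address { autoconf } }` to `eth0` makes the router a SLAAC client on its own LAN, so it will accept router advertisements from any host on that segment — on a network the router itself serves through `dhcpv6-pd ... service slaac` that is a rogue-RA exposure rather than a needed feature. The delegated prefix already gives `eth0` an address via `host-address ::1`, so the autoconf block can be dropped. The same hunk also changes `pd 0` to `pd 1` and `prefix-id :1`; whether the PD index needs to change is not evident from the hunk.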
  18. stevejenkins revised this gist Aug 13, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion config.boot for Google Fiber + ERL
    @@ -278,7 +278,7 @@ system {
    }
    }
    offload {
    hwnat enable
    hwnat disable
    ipsec enable
    ipv4 {
    forwarding enable
  19. stevejenkins revised this gist Aug 13, 2016. No changes.
  20. stevejenkins revised this gist Aug 13, 2016. 1 changed file with 136 additions and 4 deletions.
    140 changes: 136 additions & 4 deletions config.boot for Google Fiber + ERL
    @@ -1,10 +1,76 @@
    firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-name WAN6_IN {
    default-action drop
    rule 10 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action drop
    description "Drop invalid state"
    state {
    invalid enable
    }
    }
    }
    ipv6-name WAN6_LOCAL {
    default-action drop
    rule 10 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action drop
    description "Drop invalid state"
    state {
    invalid enable
    }
    }
    rule 30 {
    action accept
    description "Allow ICMPv6"
    icmpv6 {
    }
    protocol ipv6-icmp
    }
    rule 40 {
    action accept
    description "Allow DHCPv6"
    destination {
    port 546
    }
    protocol udp
    source {
    port 547
    }
    }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name LAN_IN {
    default-action accept
    description "LAN to Internal"
    enable-default-log
    rule 1 {
    action drop
    description "drop invalid state"
    state {
    invalid enable
    }
    }
    }
    name WAN_IN {
    default-action drop
    description "WAN to Internal"
    @@ -44,6 +110,7 @@ firewall {
    action drop
    description "Drop invalid state"
    log enable
    protocol all
    state {
    invalid enable
    }
    @@ -65,6 +132,11 @@ interfaces {
    address 192.168.1.1/24
    description LAN
    duplex auto
    firewall {
    in {
    name LAN_IN
    }
    }
    speed auto
    }
    ethernet eth1 {
    @@ -73,14 +145,31 @@ interfaces {
    speed auto
    vif 2 {
    address dhcp
    address dhcpv6
    description "Google Fiber WAN"
    dhcp-options {
    default-route update
    default-route-distance 210
    name-server no-update
    }
    dhcpv6-pd {
    pd 0 {
    interface eth0 {
    host-address ::1
    prefix-id :1
    service slaac
    }
    prefix-length /56
    }
    rapid-commit enable
    }
    egress-qos 0:3
    firewall {
    in {
    ipv6-name WAN6_IN
    name WAN_IN
    }
    local {
    ipv6-name WAN6_LOCAL
    name WAN_LOCAL
    }
    }
    @@ -90,6 +179,11 @@ interfaces {
    address 192.168.3.1/24
    description "Local Config Port"
    duplex auto
    firewall {
    in {
    name LAN_IN
    }
    }
    speed auto
    }
    loopback lo {
    @@ -110,12 +204,15 @@ service {
    subnet 192.168.1.0/24 {
    default-router 192.168.1.1
    dns-server 192.168.1.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    lease 86400
    start 192.168.1.101 {
    stop 192.168.1.254
    }
    }
    }
    use-dnsmasq disable
    }
    dns {
    forwarding {
    @@ -124,11 +221,14 @@ service {
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    system
    }
    }
    gui {
    http-port 80
    https-port 443
    older-ciphers enable
    }
    nat {
    rule 5000 {
    @@ -156,14 +256,17 @@ system {
    user ubnt {
    authentication {
    encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
    plaintext-password ""
    }
    full-name "UBNT Admin"
    level admin
    }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    name-server 127.0.0.1
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
    @@ -175,13 +278,38 @@ system {
    }
    }
    offload {
    hwnat enable
    ipsec enable
    ipv4 {
    forwarding enable
    vlan enable
    }
    ipv6 {
    forwarding disable
    forwarding enable
    vlan enable
    }
    }
    package {
    repository debian {
    components main
    distribution wheezy
    password ""
    url http://ftp.us.debian.org/debian
    username ""
    }
    repository wheezy {
    components "main contrib non-free"
    distribution wheezy
    password ""
    url http://http.us.debian.org/debian
    username ""
    }
    repository wheezy-security {
    components main
    distribution wheezy/updates
    password ""
    url http://security.debian.org
    username ""
    }
    }
    syslog {
    @@ -195,8 +323,12 @@ system {
    }
    }
    time-zone America/Denver
    traffic-analysis {
    dpi enable
    export enable
    }
    }

    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: v1.7.0.4783374.150622.1534 */
    /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: v1.9.0.4901118.160804.1131 */
  21. stevejenkins revised this gist Jan 1, 2016. 1 changed file with 0 additions and 1 deletion.
    1 change: 0 additions & 1 deletion config.boot for Google Fiber + ERL
    Original file line number Diff line number Diff line change
    @@ -183,7 +183,6 @@ system {
    ipv6 {
    forwarding disable
    }

    }
    syslog {
    global {
  22. stevejenkins revised this gist Jan 1, 2016. 1 changed file with 6 additions and 5 deletions.
    11 changes: 6 additions & 5 deletions config.boot for Google Fiber + ERL
    @@ -122,6 +122,7 @@ service {
    cache-size 1000
    listen-on eth0
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 2001:4860:4860::8888
    system
    }
    @@ -174,10 +175,15 @@ system {
    }
    }
    offload {
    ipsec enable
    ipv4 {
    forwarding enable
    vlan enable
    }
    ipv6 {
    forwarding disable
    }

    }
    syslog {
    global {
    @@ -190,13 +196,8 @@ system {
    }
    }
    time-zone America/Denver
    traffic-analysis {
    dpi disable
    export disable
    }
    }


    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: v1.7.0.4783374.150622.1534 */
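Review bot: In the second hunk, `forwarding disable` under `offload { ipv6 { ... } }` only turns off hardware offload for IPv6 forwarding; it does not stop the router from routing IPv6 between WAN and LAN, so if the intent was to keep IPv6 transit closed, this line does not do it — the `ipv6-name` firewall sets bound to the WAN interface are what decide that. The same applies to the newly added `ipsec enable` beside it, which is an offload toggle, not a policy. Since config.boot carries no inline comments, the gist description is the place to say "offload ipv6 forwarding disable = no hardware acceleration for IPv6, not an IPv6 block" so a reader does not mistake this for a filter. The offload and traffic-analysis stanzas here are complete within the hunk, but the enclosing `system {` block starts before it.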
  23. stevejenkins revised this gist Jan 1, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion config.boot for Google Fiber + ERL
    @@ -119,7 +119,7 @@ service {
    }
    dns {
    forwarding {
    cache-size 500
    cache-size 1000
    listen-on eth0
    name-server 8.8.8.8
    name-server 2001:4860:4860::8888
  24. stevejenkins revised this gist Jan 1, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion config.boot for Google Fiber + ERL
    @@ -104,7 +104,7 @@ port-forward {
    service {
    dhcp-server {
    disabled false
    hostfile-update disable
    hostfile-update enable
    shared-network-name LAN {
    authoritative disable
    subnet 192.168.1.0/24 {
  25. stevejenkins revised this gist Jan 1, 2016. 1 changed file with 1 addition and 2 deletions.
    3 changes: 1 addition & 2 deletions config.boot for Google Fiber + ERL
    @@ -109,8 +109,7 @@ service {
    authoritative disable
    subnet 192.168.1.0/24 {
    default-router 192.168.1.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    dns-server 192.168.1.1
    lease 86400
    start 192.168.1.101 {
    stop 192.168.1.254
  26. stevejenkins renamed this gist Nov 9, 2015. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  27. stevejenkins revised this gist Nov 8, 2015. 1 changed file with 22 additions and 6 deletions.
    28 changes: 22 additions & 6 deletions config.boot
    @@ -87,35 +87,44 @@ interfaces {
    }
    }
    ethernet eth2 {
    address 192.168.100.1/24
    address 192.168.3.1/24
    description "Local Config Port"
    duplex auto
    speed auto
    }
    loopback lo {
    }
    }
    port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth0
    wan-interface eth1.2
    }
    service {
    dhcp-server {
    disabled false
    hostfile-update disable
    shared-network-name LAN {
    authoritative disable
    subnet 192.168.1.1/24 {
    subnet 192.168.1.0/24 {
    default-router 192.168.1.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    lease 86400
    start 192.168.1.20 {
    stop 192.168.1.225
    start 192.168.1.101 {
    stop 192.168.1.254
    }
    }
    }
    }
    dns {
    forwarding {
    cache-size 150
    cache-size 500
    listen-on eth0
    name-server 8.8.8.8
    name-server 2001:4860:4860::8888
    system
    }
    }
    gui {
    @@ -142,7 +151,7 @@ service {
    }
    }
    system {
    host-name ubnt
    host-name UBNT-gateway
    login {
    user ubnt {
    authentication {
    @@ -153,6 +162,8 @@ system {
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
    @@ -165,6 +176,7 @@ system {
    }
    offload {
    ipv4 {
    forwarding enable
    vlan enable
    }
    }
    @@ -179,6 +191,10 @@ system {
    }
    }
    time-zone America/Denver
    traffic-analysis {
    dpi disable
    export disable
    }
    }


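Review bot: `ethernet eth2` in the first hunk is re-addressed to 192.168.3.1/24 and described as "Local Config Port" but carries no `firewall { in { ... } }` stanza, so anything plugged into that port is forwarded to the LAN and out the WAN with no policy applied, and the new `dns forwarding listen-on eth0` means it is not even served by the local resolver — it is a routed interface, not an isolated management port. If it is meant for out-of-band configuration only, attach a ruleset there too, e.g. `firewall { in { name LAN_IN } }` as is done for eth0, or a dedicated set that permits only traffic to the router itself. The `interfaces {` and `system {` blocks both start before this section's hunks.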
  28. stevejenkins revised this gist Nov 8, 2015. 1 changed file with 5 additions and 0 deletions.
    5 changes: 5 additions & 0 deletions config.boot
    @@ -163,6 +163,11 @@ system {
    server 3.ubnt.pool.ntp.org {
    }
    }
    offload {
    ipv4 {
    vlan enable
    }
    }
    syslog {
    global {
    facility all {
  29. stevejenkins revised this gist Nov 8, 2015. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions config.boot
    @@ -151,6 +151,8 @@ system {
    level admin
    }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
  30. stevejenkins revised this gist Nov 7, 2015. 1 changed file with 4 additions and 5 deletions.
    9 changes: 4 additions & 5 deletions config.boot
    @@ -63,7 +63,6 @@ firewall {
    interfaces {
    ethernet eth0 {
    address 192.168.1.1/24
    address 192.168.0.1/24
    description LAN
    duplex auto
    speed auto
    @@ -102,13 +101,13 @@ service {
    hostfile-update disable
    shared-network-name LAN {
    authoritative disable
    subnet 192.168.0.1/24 {
    default-router 192.168.0.1
    subnet 192.168.1.1/24 {
    default-router 192.168.1.1
    dns-server 8.8.8.8
    dns-server 8.8.4.4
    lease 86400
    start 192.168.0.20 {
    stop 192.168.0.225
    start 192.168.1.20 {
    stop 192.168.1.225
    }
    }
    }
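Review bot: The new DHCP scope is written as `subnet 192.168.1.1/24 {`, which has host bits set; the `subnet` node expects the network address, so this should be `subnet 192.168.1.0/24 {` — on this release the commit may reject it or silently normalize it, and a scope that fails to commit leaves LAN clients with no leases at all. The `default-router 192.168.1.1` and the `.20`–`.225` range are consistent with the eth0 address now that the duplicate 192.168.0.1/24 is gone. The `dhcp-server { shared-network-name LAN {` block starts before this hunk.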