Vyatta Sample Config MSC

From MS Computech

ตัวอย่าง config ของ Vyatta v5 (VC5) ที่ผมได้ทดสอบใช้งานเป็น bridge firewall โดยอนุญาตเฉพาะ TCP พอร์ต 22, 53, 80, 443 รวมทั้ง UDP พอร์ต 53 และ ICMP ตาม rule-set "bridgewall" ด้านล่าง

/* Global firewall options plus the single named rule-set "bridgewall", which bridge br0 applies in the "in" direction. */
firewall {
    /* Hardening toggles: ignore broadcast pings, refuse source-routed packets, log martians. */
    broadcast-ping disable
    /* NOTE(review): loose TCP tracking lets conntrack pick up connections mid-stream; only matters once state-matching rules are added - confirm it is wanted. */
    conntrack-tcp-loose enable
    ip-src-route disable
    log-martians enable
    /* Rules match on protocol and destination port only: no source/destination address, no connection state, no logging. */
    /* NOTE(review): traffic matching no rule presumably hits the rule-set's implicit default drop - confirm on VC5. */
    /* NOTE(review): reply packets (source port 22/53/80/443, ephemeral destination port) do not match rule 1 or 3 by port; verify how return traffic passes and consider an explicit established/related accept rule. */
    name bridgewall {
        /* TCP to SSH, DNS, HTTP and HTTPS, for any source and any destination address. */
        rule 1 {
            action accept
            destination {
                port 22,53,80,443
            }
            protocol tcp
        }
        /* All ICMP is accepted; no ICMP type restriction is configured. */
        rule 2 {
            action accept
            description "Allow ICMP"
            protocol icmp
        }
        /* DNS over UDP, for any source and any destination address. */
        rule 3 {
            action accept
            destination {
                port 53
            }
            protocol udp
        }
    }
    /* Neither accept nor send ICMP redirects; SYN cookies enabled against SYN floods. */
    receive-redirects disable
    send-redirects disable
    syn-cookies enable
}
/* eth0 and eth1 are both members of bridge br0; br0 carries the device's own IP address and the firewall binding. */
interfaces {
    bridge br0 {
        /* Address of the firewall itself on the bridged subnet (used for management, e.g. the SSH service). */
        address 192.168.1.111/24
        aging 300
        disable false
        /* Only the "in" direction has a rule-set. No "local" rule-set is bound, so "bridgewall" is not applied as a local filter for traffic addressed to 192.168.1.111 itself. */
        /* NOTE(review): confirm that bridged frames between eth0 and eth1 actually traverse this rule-set on your build before relying on it. */
        firewall {
            in {
                name bridgewall
            }
        }
        forwarding-delay 15
        hello-time 2
        max-age 20
        priority 0
        /* Spanning tree is off; the STP timers and priority above only matter if it is turned on. */
        stp false
    }
    /* hw-id values are the author's NIC MAC addresses (00:0c:29 is a VMware-assigned OUI); replace them with your own. */
    ethernet eth0 {
        bridge-group {
            bridge br0
        }
        duplex auto
        hw-id 00:0c:29:b2:78:cc
        speed auto
    }
    ethernet eth1 {
        bridge-group {
            bridge br0
        }
        duplex auto
        hw-id 00:0c:29:b2:78:d6
        speed auto
    }
    loopback lo {
    }
}
/* SSH is the only service configured in this file. */
service {
    /* Direct root login over SSH is refused and only protocol version 2 is offered. */
    /* NOTE(review): no listen-address restriction or "local" firewall rule-set appears in this config, so reachability of port 22 on the device is not limited here - restrict it to a management network if needed. */
    ssh {
        allow-root false
        port 22
        protocol-version v2
    }
}
/* Host identity, local accounts, resolvers, NTP and package repository. Addresses and credentials are the author's; replace all of them before reuse. */
system {
    gateway-address 192.168.1.1
    host-name vyatta
    /* Both accounts have level admin. The "$1$" prefix marks MD5-crypt hashes, which are weak against offline guessing. */
    /* These hashes are published on this page: treat the corresponding passwords as compromised and set new ones rather than copying these lines. */
    login {
        user root {
            authentication {
                encrypted-password $1$n/txJMIg$05maQj.GbfpmmFugt9ziI.
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$qDf19XQY$05tiNbnHp53YToeUmBbXN1
            }
            level admin
        }
    }
    /* Resolver and NTP addresses are specific to the author's network. */
    name-server 203.144.207.49
    name-server 203.144.207.29
    ntp-server 69.59.150.135
    package {
        auto-sync 1
        /* The repository is fetched over plain HTTP with empty credentials. */
        /* NOTE(review): package integrity then rests on signature verification by the package tooling - confirm it is enforced. */
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "vrrp@1:wanloadbalance@1:dhcp-server@4:serial@1:nat@3:webgui@1:dhcp-relay@1:cluster@1:firewall@3:ipsec@1:quagga@1" === */
/* Release version: VC5.0.0 */