Standard configuration for Edgerouter Lite

Standard Configuration
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN enable-default-log
set firewall name WAN_IN rule 1 action accept
set firewall name WAN_IN rule 1 description “Allow established connections”
set firewall name WAN_IN rule 1 state established enable
set firewall name WAN_IN rule 1 state related enable
set firewall name WAN_IN rule 2 action drop
set firewall name WAN_IN rule 2 log enable
set firewall name WAN_IN rule 2 description “Drop invalid state”
set firewall name WAN_IN rule 2 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL enable-default-log
set firewall name WAN_LOCAL rule 1 action accept
set firewall name WAN_LOCAL rule 1 description “Allow established connections”
set firewall name WAN_LOCAL rule 1 state established enable
set firewall name WAN_LOCAL rule 1 state related enable
set firewall name WAN_LOCAL rule 2 action drop
set firewall name WAN_LOCAL rule 2 log enable
set firewall name WAN_LOCAL rule 2 description “Drop invalid state”
set firewall name WAN_LOCAL rule 2 state invalid enable
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set service nat rule 5010 description “Masquerade for WAN”
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth1 address 192.168.10.2/24
set service dhcp-server disabled false
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 default-router 192.168.10.1
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 192.168.10.1
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 lease 86400
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 start 192.168.10.41 stop 192.168.10.99
set service dns forwarding listen-on eth2

Add a Comment

Your email address will not be published. Required fields are marked *