/* Firewall and interface sections of what appears to be an EdgeOS/Vyatta-style
   router configuration: two WAN uplinks (eth0, eth1), one LAN (eth2), and a
   policy-routing ("modify") ruleset that sends LAN traffic to a load-balance group. */
firewall {
    /* NOTE(review): all-ping is enabled globally, but WAN_LOCAL below has
       default-action drop and no ICMP accept rule, so IPv4 echo requests that
       arrive on the WAN interfaces are still dropped by that ruleset. */
    all-ping enable
    broadcast-ping disable
    group {
        /* RFC 1918 private ranges; referenced by "modify balance" rule 10. */
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    /* IPv6 traffic arriving on the WAN and forwarded to the LAN. Applied to
       eth0 "in" only. Default is drop, and enable-default-log records those drops. */
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        /* NOTE(review): accepts every ICMPv6 type toward LAN hosts, not only the
           error messages IPv6 needs (packet-too-big, destination-unreachable, ...).
           LAN hosts hold global addresses via SLAAC (see eth2 router-advert), so
           this rule exposes them to unsolicited ICMPv6 from the Internet.
           Consider limiting it to the types recommended in RFC 4890. */
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
    }
    /* IPv6 traffic addressed to the router itself. Applied to eth0 "local" only. */
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        /* Accepts all ICMPv6 to the router; neighbor discovery and router
           advertisements from the upstream depend on ICMPv6 being reachable. */
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        /* DHCPv6 server-to-client replies (UDP source port 547, destination
           port 546), needed by the dhcpv6-pd client on eth0.
           NOTE(review): there is no source-address match; DHCPv6 replies
           normally come from a link-local address, so restricting the source
           to fe80::/10 would narrow this rule. Confirm against the ISP's behaviour. */
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    /* ICMPv6 redirects and source-routed packets (IPv4 and IPv6) are not accepted. */
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    /* NOTE(review): martian packets (impossible source addresses) are not
       logged; enabling this would give visibility into spoofing attempts. */
    log-martians disable
    /* Policy-routing ruleset applied to eth2 "in". Rules 10-30 keep traffic for
       private networks and for the router's own WAN addresses on the main
       routing table; rule 110 hands everything else to load-balance group G.
       ADDRv4_eth0, ADDRv4_eth1 and lb-group G are not defined in the section
       shown here; presumably they are system-generated or defined elsewhere
       in the configuration. */
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 110 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    /* IPv4 traffic arriving on a WAN and forwarded inward. Only return traffic
       for existing sessions is accepted; no port forwards are defined here.
       NOTE(review): unlike the IPv6 rulesets, enable-default-log is not set,
       so dropped IPv4 packets leave no log entry. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* IPv4 traffic addressed to the router itself from a WAN. No management
       service (SSH, web UI) is accepted from the WAN side by this ruleset.
       NOTE(review): enable-default-log is not set here either. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    /* NOTE(review): the router will send ICMP redirects; confirm this is wanted. */
    send-redirects enable
    /* NOTE(review): reverse-path filtering is off. With two WAN uplinks strict
       validation can drop legitimate asymmetric traffic, which is presumably
       why it is disabled; loose mode may be worth evaluating. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* Primary WAN: both IPv4 and IPv6 rulesets are attached in the "in"
       (forwarded) and "local" (to the router) directions. */
    ethernet eth0 {
        /* Placeholder address: the trailing Dutch remark says the author
           removed the real WAN IP for this post. The line is not loadable as
           written; substitute the real address and drop the remark. */
        address 0.0.0.0/0 - ik heb mijn ip hier even verwijderd
        description WAN
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server update
        }
        /* Requests a /56 via DHCPv6 prefix delegation and assigns a subnet from
           it to eth2 (prefix-id :1, router host address ::1). */
        dhcpv6-pd {
            no-dns
            pd 0 {
                interface eth2 {
                    host-address ::1
                    prefix-id :1
                    service dhcpv6-stateless
                }
                prefix-length /56
            }
            rapid-commit enable
        }
        duplex auto
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
        }
        speed auto
    }
    /* Secondary WAN.
       NOTE(review): only the IPv4 rulesets are attached. No IPv6 is configured
       on this interface here, but if the uplink ever provides IPv6, that
       traffic would not pass through WANv6_IN or WANv6_LOCAL. Attaching the
       IPv6 rulesets here as well would close that gap. */
    ethernet eth1 {
        address dhcp
        description "WAN 2"
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server update
        }
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    /* LAN. The only ruleset on this interface is the load-balancing modify
       policy; LAN-originated traffic is not otherwise filtered here. */
    ethernet eth2 {
        address 10.10.0.10/24
        description Local
        duplex auto
        firewall {
            in {
                modify balance
            }
        }
        ipv6 {
            dup-addr-detect-transmits 1
            /* Router advertisements with the autonomous flag set: LAN hosts
               self-assign addresses (SLAAC) from the delegated /64. Those
               addresses are globally routable, so WANv6_IN on eth0 is the only
               filter between the Internet and these hosts. */
            router-advert {
                cur-hop-limit 64
                default-lifetime 1800
                link-mtu 0
                managed-flag false
                max-interval 10
                min-interval 3
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 1800
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        speed auto
    }
    /* No address and no firewall ruleset are configured on this port. */
    ethernet eth3 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}