# Router configuration in Vyatta/EdgeOS `set`-command form for host "kv24ix"
# (see `system host-name` at the end). The vendor strings (ubnt, unms, poe)
# suggest a Ubiquiti EdgeRouter - TODO confirm.
# The commands are laid out one per line; the comments are review notes only.
#
# NOTE(review): this listing carries live credential material: a password
# hash, a BGP neighbor password and an SNMP community. Rotate anything that
# has been shared and redact these values before publishing the file.

# --- Global firewall / kernel network options -------------------------------
set firewall all-ping enable
set firewall broadcast-ping disable

# --- IPv6, WAN -> LAN (attached to eth0 "in" below) ---------------------------
# Default drop; only established/related return traffic is forwarded.
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable

# --- IPv6, WAN -> router itself (attached to eth0 "local" below) --------------
# Default drop with logging of the default action; ICMPv6 and DHCPv6 replies
# (udp 547 -> 546) are the only unsolicited traffic accepted.
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable

# --- IPv4, WAN -> LAN (attached to eth0 "in" below) ---------------------------
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable

# --- IPv4, WAN -> router itself (attached to eth0 "local" below) --------------
# Unlike WANv6_LOCAL, no enable-default-log is set here, so default-action
# drops on IPv4 are not logged by this ruleset.
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description 'Allow ICMP'
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol icmp
set firewall receive-redirects disable
set firewall send-redirects enable
# NOTE(review): reverse-path source validation is off. Presumably deliberate
# because of the tunnels and BGP (asymmetric paths) - confirm; otherwise
# spoofed-source packets are not rejected at this layer.
set firewall source-validation disable
set firewall syn-cookies enable

# --- WAN uplink: eth0 ---------------------------------------------------------
# DHCP for IPv4; DHCPv6 prefix delegation (/56 requested) with prefix-id :1
# handed to switch0 via SLAAC.
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface switch0 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface switch0 prefix-id ':1'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface switch0 service slaac
set interfaces ethernet eth0 dhcpv6-pd pd 1 prefix-length /56
set interfaces ethernet eth0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 duplex auto
# eth0 is the only interface in this listing with firewall rulesets attached.
set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 speed auto

# --- LAN ports (members of switch0) -------------------------------------------
set interfaces ethernet eth1 description Local
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 description Local
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 description Local
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 description Local
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 mtu 1500
set interfaces ethernet eth4 poe output off
set interfaces ethernet eth4 speed auto
set interfaces loopback lo

# --- LAN bridge: switch0 ------------------------------------------------------
# IPv4 gateway 192.168.10.1/24 plus a ULA address in fdb1:4242:3538:2006::/64.
set interfaces switch switch0 address 192.168.10.1/24
set interfaces switch switch0 address 'fdb1:4242:3538:2006::ffff/64'
set interfaces switch switch0 description Local
# Empty "firewall in" node: no ruleset is named for switch0.
set interfaces switch switch0 firewall in
set interfaces switch switch0 ipv6 address
set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth1
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port vlan-aware disable

# --- WireGuard tunnels --------------------------------------------------------
# Private keys are referenced by file path under /config/auth, not inlined.
# Every peer has allowed-ips ::/0 with route-allowed-ips false: any IPv6 source
# is accepted from the peer and no routes are installed automatically.
#
# NOTE(review): none of wg0/wg1/wg2 has a firewall ruleset attached in this
# listing, so the WAN*_LOCAL / WAN*_IN policies on eth0 do not cover traffic
# that arrives through the tunnels. wg2 holds a global-unicast address, so the
# router services configured below (SSH, GUI, SNMP) are presumably reachable
# over it - confirm. If the WireGuard package on this device exposes a
# per-interface `firewall` node, attach default-drop local/in IPv6 rulesets.
set interfaces wireguard wg0 address 'fdf3:aad9:a885:0b3a::16/64'
set interfaces wireguard wg0 mtu 1420
set interfaces wireguard wg0 peer cuUgTdFH1UEXpUH6V1nashdH7K/L+pl6dmJCpBWN+Xw= allowed-ips '::0/0'
set interfaces wireguard wg0 peer cuUgTdFH1UEXpUH6V1nashdH7K/L+pl6dmJCpBWN+Xw= endpoint 'trygvis.io:51821'
set interfaces wireguard wg0 peer cuUgTdFH1UEXpUH6V1nashdH7K/L+pl6dmJCpBWN+Xw= persistent-keepalive 60
set interfaces wireguard wg0 private-key /config/auth/wg0.key
set interfaces wireguard wg0 route-allowed-ips false
# wg1 carries the BGP session configured below (neighbor ...:2f01::a is in
# this interface's /64).
set interfaces wireguard wg1 address 'fdb1:4242:3538:2f01::b/64'
set interfaces wireguard wg1 description tnet-knot
set interfaces wireguard wg1 mtu 1420
set interfaces wireguard wg1 peer eF8DIAyneOlhEzyriFB528IUsnYqy/b5398i0SW06g4= allowed-ips '::/0'
set interfaces wireguard wg1 peer eF8DIAyneOlhEzyriFB528IUsnYqy/b5398i0SW06g4= endpoint 'knot.inamo.no:51003'
set interfaces wireguard wg1 peer eF8DIAyneOlhEzyriFB528IUsnYqy/b5398i0SW06g4= persistent-keepalive 60
set interfaces wireguard wg1 private-key /config/auth/knot.key
set interfaces wireguard wg1 route-allowed-ips false
set interfaces wireguard wg2 address '2a11:6c7:f04:fd::2/64'
set interfaces wireguard wg2 description route64.org
set interfaces wireguard wg2 mtu 1420
set interfaces wireguard wg2 peer ztZNKsJH/CKQjYz9kUOtcIyKakqaNoNuVPZL8nlDxgM= allowed-ips '::/0'
set interfaces wireguard wg2 peer ztZNKsJH/CKQjYz9kUOtcIyKakqaNoNuVPZL8nlDxgM= endpoint '118.91.187.67:46010'
set interfaces wireguard wg2 peer ztZNKsJH/CKQjYz9kUOtcIyKakqaNoNuVPZL8nlDxgM= persistent-keepalive 30
set interfaces wireguard wg2 private-key /config/auth/route64.key
set interfaces wireguard wg2 route-allowed-ips false

# --- Routing policy and BGP ---------------------------------------------------
# Only connected prefixes inside fdb1:4242:3538:2000::/60 (any length up to
# /128) are redistributed into BGP.
set policy prefix-list6 bitraf-dn42 rule 1 action permit
set policy prefix-list6 bitraf-dn42 rule 1 description 'tnet subnetworks'
set policy prefix-list6 bitraf-dn42 rule 1 le 128
set policy prefix-list6 bitraf-dn42 rule 1 prefix 'fdb1:4242:3538:2000::/60'
set policy route-map bitraf-dn42 rule 1 action permit
set policy route-map bitraf-dn42 rule 1 match ipv6 address prefix-list bitraf-dn42
# iBGP: remote-as equals the local AS 4242423538.
# NOTE(review): no inbound route-map or prefix-list is applied to the neighbor
# in this listing, so whatever it advertises is accepted - confirm that this is
# intended.
set protocols bgp 4242423538 address-family ipv6-unicast redistribute connected route-map bitraf-dn42
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' address-family ipv6-unicast capability graceful-restart
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' address-family ipv6-unicast nexthop-self
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' address-family ipv6-unicast route-reflector-client
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' capability dynamic
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' capability graceful-restart
# NOTE(review): the session password is a short word that also appears in a
# hostname and a key label elsewhere in this file, and it is stored in clear
# text here. Use a long random value, change it on both ends, and redact it
# when sharing the config.
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' password trygvis
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' remote-as 4242423538
set protocols bgp 4242423538 neighbor 'fdb1:4242:3538:2f01::a' soft-reconfiguration inbound
set protocols bgp 4242423538 parameters graceful-restart
# Blackhole route for the same /64 that switch0's ULA address lives in.
set protocols static route6 'fdb1:4242:3538:2006::/64' blackhole

# --- DHCP server for the LAN --------------------------------------------------
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 default-router 192.168.10.1
# Clients receive both the router and 8.8.8.8 as resolvers; queries sent to the
# latter bypass the local forwarder and its dn42 rule below.
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 192.168.10.1
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 dns-server 8.8.8.8
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 lease 86400
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 start 192.168.10.100 stop 192.168.10.199
# Static leases (outside the dynamic .100-.199 range).
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping garasje ip-address 192.168.10.23
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping garasje mac-address 'b4:fb:e4:76:3c:58'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping kjokken ip-address 192.168.10.21
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping kjokken mac-address 'b4:fb:e4:76:3b:2b'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping kontor ip-address 192.168.10.22
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping kontor mac-address 'b4:fb:e4:76:3b:1c'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping laboratorium ip-address 192.168.10.26
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping laboratorium mac-address 'd8:b3:70:b3:35:19'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping nede ip-address 192.168.10.25
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping nede mac-address 'b4:fb:e4:76:3b:1b'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping stue ip-address 192.168.10.20
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping stue mac-address 'b4:fb:e4:76:3b:08'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping swcloud ip-address 192.168.10.12
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping swcloud mac-address '18:e8:29:43:73:02'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping swnede ip-address 192.168.10.11
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping swnede mac-address '18:e8:29:bf:9d:da'
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping swoppe ip-address 192.168.10.10
set service dhcp-server shared-network-name LAN subnet 192.168.10.0/24 static-mapping swoppe mac-address 'b4:fb:e4:8a:24:a6'
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq disable

# --- DNS forwarder: LAN side only; the dn42 zone goes to a dedicated resolver -
set service dns forwarding cache-size 1000
set service dns forwarding listen-on switch0
set service dns forwarding options 'server=/dn42/fd42:d42:d42:54::1'

# --- Management services ------------------------------------------------------
# No listen-address restriction is set for the GUI or SSH in this listing, so
# reachability is decided only by the per-interface firewall rulesets.
set service gui http-port 80
set service gui https-port 443
# NOTE(review): older-ciphers enable re-admits legacy TLS cipher suites on the
# admin GUI; set it to disable unless a client that cannot do better is known.
set service gui older-ciphers enable
set service lldp interface switch0
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
# NOTE(review): "public" is the well-known default community and no client or
# network restriction is configured. Read-only access still discloses
# interface, address and routing data. Use a non-default community limited to
# the monitoring host, or remove the service if nothing polls it.
set service snmp community public authorization ro
set service snmp location kv24ix
# NOTE(review): a public key is configured for the admin user below, but
# password login is not disabled here. Consider key-only SSH (EdgeOS offers
# `service ssh disable-password-authentication`; verify on this firmware).
set service ssh port 22
set service ssh protocol-version v2
set service unms disable

# --- System -------------------------------------------------------------------
set system analytics-handler send-analytics-report false
set system config-management commit-revisions 10
set system crash-handler send-crash-report false
set system host-name kv24ix
# NOTE(review): "ubnt" looks like the vendor-default account name, and its
# password hash ($5$ = SHA-256 crypt) is included in this listing. Once shared,
# a hash can be attacked offline: change the password, and prefer a separately
# named admin account with the default one removed.
set system login user ubnt authentication encrypted-password '$5$YmwMYrjdnUz2i//n$.dj42FJRGmiS6l/YLkrAG6GW3l3/hX6ARCWpsvG7WC4'
set system login user ubnt authentication plaintext-password ''
set system login user ubnt authentication public-keys trygvis@biwia key AAAAC3NzaC1lZDI1NTE5AAAAIK3NIIYprtLQFNut7GGf0va7YYFeSXKSgWDQi4qbf5Ph
set system login user ubnt authentication public-keys trygvis@biwia type ssh-ed25519
set system login user ubnt level admin
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
# Logs stay local: no remote syslog host is configured in this listing.
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone Europe/Oslo