`vyos@vyos:~$ show configuration commands
set firewall all-ping ‘enable’
set firewall broadcast-ping ‘disable’
set firewall config-trap ‘disable’
set firewall group address-group ag-Blacklist
set firewall group address-group geoblock
set firewall group network-group ng-Blacklist
set firewall ipv6-receive-redirects ‘disable’
set firewall ipv6-src-route ‘disable’
set firewall ip-src-route ‘disable’
set firewall log-martians ‘enable’
set firewall name FIREWALL-LOCAL default-action ‘accept’
set firewall name FIREWALL-LOCAL rule 10 action ‘drop’
set firewall name FIREWALL-LOCAL rule 10 source group address-group ‘geoblock’
set firewall name FIREWALL-LOCAL rule 11 action ‘drop’
set firewall name FIREWALL-LOCAL rule 11 source group address-group ‘ag-Blacklist’
set firewall name FIREWALL-LOCAL rule 12 action ‘drop’
set firewall name FIREWALL-LOCAL rule 12 source group network-group ‘ng-Blacklist’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘enable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazaISP1-protection ‘disable’
set interfaces ethernet eth0 address ‘192.168.100.100/24’
set interfaces ethernet eth0 description ‘Local Connect’
set interfaces ethernet eth0 hw-id ‘b8:ac:6f:14:c2:16’
set interfaces ethernet eth1 address ‘10.192.56.X/29’
set interfaces ethernet eth1 description ‘ISP1’
set interfaces ethernet eth1 firewall in name ‘FIREWALL-LOCAL’
set interfaces ethernet eth1 hw-id ‘b8:ac:6f:14:c2:18’
set interfaces ethernet eth2 firewall in name ‘FIREWALL-LOCAL’
set interfaces ethernet eth2 hw-id ‘b8:ac:6f:14:c2:1a’
set interfaces ethernet eth2 vif 2288 address ‘89.136.224.X/30’
set interfaces ethernet eth2 vif 2288 description ‘ISP2 National’
set interfaces ethernet eth2 vif 2288 firewall in name ‘FIREWALL-LOCAL’
set interfaces ethernet eth3 firewall in name ‘FIREWALL-LOCAL’
set interfaces ethernet eth3 hw-id ‘b8:ac:6f:14:c2:1c’
set interfaces ethernet eth3 vif 2291 address ‘89.136.224.X/30’
set interfaces ethernet eth3 vif 2291 description ‘ISP2 International’
set interfaces ethernet eth3 vif 2291 firewall in name ‘FIREWALL-LOCAL’
set interfaces ethernet eth4 firewall in name ‘FIREWALL-LOCAL’
set interfaces ethernet eth4 hw-id ‘28:92:4a:af:31:b0’
set interfaces ethernet eth5 address ‘89.X.X.1/24’
set interfaces ethernet eth5 address ‘89.X.X.1/24’
set interfaces ethernet eth5 address ‘188.X.X.1/24’
set interfaces ethernet eth5 address ‘77.X.X.1/24’
set interfaces ethernet eth5 address ‘89.X.X.1/24’
set interfaces ethernet eth5 address ‘89.X.X.1/24’
set interfaces ethernet eth5 description ‘10GB Port > Switch’
set interfaces ethernet eth5 firewall in name ‘FIREWALL-LOCAL’
set interfaces ethernet eth5 hw-id ‘28:92:4a:af:31:b4’
set interfaces loopback lo
set policy community-list blackhole rule 10 action ‘permit’
set policy community-list blackhole rule 10 regex ‘6830:666’
set policy prefix-list IPv4-BGP-OUT rule 100 action ‘permit’
set policy prefix-list IPv4-BGP-OUT rule 100 description ‘AS339XX BGP US’
set policy prefix-list IPv4-BGP-OUT rule 100 prefix ‘77.X.X.0/24’
set policy prefix-list IPv4-BGP-OUT rule 105 action ‘permit’
set policy prefix-list IPv4-BGP-OUT rule 105 description ‘AS339XX BGP US’
set policy prefix-list IPv4-BGP-OUT rule 105 prefix ‘89.X.X.0/23’
set policy prefix-list IPv4-BGP-OUT rule 106 action ‘permit’
set policy prefix-list IPv4-BGP-OUT rule 106 description ‘AS339XX BGP US’
set policy prefix-list IPv4-BGP-OUT rule 106 prefix ‘188.X.X.0/24’
set policy prefix-list IPv4-BGP-OUT rule 140 action ‘permit’
set policy prefix-list IPv4-BGP-OUT rule 140 description ‘AS339XX BGP US’
set policy prefix-list IPv4-BGP-OUT rule 140 prefix ‘89.X.X.0/23’
set policy route-map IPv4-NET rule 100 action ‘permit’
set policy route-map IPv4-NET rule 100 match community community-list ‘blackhole’
set policy route-map IPv4-NET rule 100 match ip address prefix-list ‘IPv4-BGP-OUT’
set policy route-map IPv4-NET rule 105 action ‘permit’
set policy route-map IPv4-NET rule 105 match community community-list ‘blackhole’
set policy route-map IPv4-NET rule 105 match ip address prefix-list ‘IPv4-BGP-OUT’
set policy route-map IPv4-NET rule 106 action ‘permit’
set policy route-map IPv4-NET rule 106 match community community-list ‘blackhole’
set policy route-map IPv4-NET rule 106 match ip address prefix-list ‘IPv4-BGP-OUT’
set policy route-map IPv4-NET rule 120 action ‘permit’
set policy route-map IPv4-NET rule 120 match ip address prefix-list ‘IPv4-BGP-OUT’
set policy route-map IPv4-NET rule 130 action ‘permit’
set policy route-map IPv4-NET rule 130 match ip address prefix-list ‘IPv4-BGP-OUT’
set policy route-map IPv4-NET rule 140 action ‘permit’
set policy route-map IPv4-NET rule 140 match community community-list ‘blackhole’
set policy route-map IPv4-NET rule 140 match ip address prefix-list ‘IPv4-BGP-OUT’
set policy route-map blackhole rule 10 action ‘permit’
set policy route-map blackhole rule 10 set community ‘6830:666’
set protocols bgp 339XX address-family ipv4-unicast network 77.X.X.0/24
set protocols bgp 339XX address-family ipv4-unicast network 89.X.X.0/23
set protocols bgp 339XX address-family ipv4-unicast network 89.X.X.250/32 route-map ‘blackhole’
set protocols bgp 339XX address-family ipv4-unicast network 89.X.X.0/23
set protocols bgp 339XX address-family ipv4-unicast network 188.X.X.0/24
set protocols bgp 339XX neighbor 10.192.56.X address-family ipv4-unicast route-map export ‘IPv4-NET’
set protocols bgp 339XX neighbor 10.192.56.X address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 339XX neighbor 10.192.56.X description ‘ISP1 National AS Neighbor’
set protocols bgp 339XX neighbor 10.192.56.X remote-as ‘8708’
set protocols bgp 339XX neighbor 10.192.56.X update-source ‘10.192.56.X’
set protocols bgp 339XX neighbor 10.192.56.XX address-family ipv4-unicast route-map export ‘IPv4-NET’
set protocols bgp 339XX neighbor 10.192.56.XX address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 339XX neighbor 10.192.56.XX description ‘ISP1 National AS Neighbor - Back-UP’
set protocols bgp 339XX neighbor 10.192.56.XX remote-as ‘8708’
set protocols bgp 339XX neighbor 10.192.56.XX update-source ‘10.192.56.X’
set protocols bgp 339XX neighbor 89.136.224.XX address-family ipv4-unicast route-map export ‘IPv4-NET’
set protocols bgp 339XX neighbor 89.136.224.XX address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 339XX neighbor 89.136.224.XX description ‘ISP2 International AS Neighbor’
set protocols bgp 339XX neighbor 89.136.224.XX remote-as ‘6830’
set protocols bgp 339XX neighbor 89.136.224.XX update-source ‘89.136.224.X’
set protocols bgp 339XX neighbor 89.136.224.X address-family ipv4-unicast route-map export ‘IPv4-NET’
set protocols bgp 339XX neighbor 89.136.224.X address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 339XX neighbor 89.136.224.X description ‘ISP2 National AS Neighbor’
set protocols bgp 339XX neighbor 89.136.224.X remote-as ‘6830’
set protocols bgp 339XX neighbor 89.136.224.X update-source ‘89.136.224.X’
set protocols bgp 339XX neighbor 193.231.184.X address-family ipv4-unicast route-map export ‘IPv4-NET’
set protocols bgp 339XX neighbor 193.231.184.X address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 339XX neighbor 193.231.184.X description ‘ISP1 International AS Neighbor’
set protocols bgp 339XX neighbor 193.231.184.X ebgp-multihop ‘255’
set protocols bgp 339XX neighbor 193.231.184.X remote-as ‘8708’
set protocols bgp 339XX neighbor 193.231.184.X update-source ‘10.192.56.X’
set protocols bgp 339XX parameters log-neighbor-changes
set protocols ospf area 0 network ‘89.X.X.0/23’
set protocols ospf area 0 network ‘77.X.X.0/24’
set protocols ospf area 0 network ‘188.X.X.0/24’
set protocols ospf area 0 network ‘89.X.X.0/24’
set protocols ospf area 0 network ‘89.X.X.0/24’
set protocols ospf area 0.0.0.0 area-type normal
set protocols ospf default-information originate always
set protocols ospf default-information originate metric ‘10’
set protocols ospf default-information originate metric-type ‘2’
set protocols ospf parameters abr-type ‘cisco’
set protocols static route 77.X.X.0/24 blackhole distance ‘254’
set protocols static route 89.X.X.0/23 blackhole distance ‘254’
set protocols static route 89.X.X.0/23 blackhole distance ‘254’
set protocols static route 188.X.X.0/24 blackhole distance ‘254’
set service ids ddos-protection direction ‘in’
set service ids ddos-protection listen-interface ‘eth0’
set service ids ddos-protection listen-interface ‘eth1’
set service ids ddos-protection listen-interface ‘eth2’
set service ids ddos-protection listen-interface ‘eth3’
set service ids ddos-protection listen-interface ‘eth4’
set service ids ddos-protection listen-interface ‘eth5’
set service ids ddos-protection mode mirror
set service ids ddos-protection network ‘89.X.X.1/32’
set service ids ddos-protection network ‘89.X.X.1/32’
set service ids ddos-protection network ‘77.X.X.1/32’
set service ids ddos-protection network ‘188.X.X.1/32’
set service ids ddos-protection network ‘89.X.X.1/32’
set service ids ddos-protection network ‘89.X.X.1/32’
set service ids ddos-protection threshold fps ‘1000’
set service ids ddos-protection threshold mbps ‘50’
set service ids ddos-protection threshold pps ‘10000’
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system flow-accounting interface ‘eth0’
set system flow-accounting interface ‘eth2’
set system flow-accounting interface ‘eth3’
set system flow-accounting interface ‘eth1’
set system flow-accounting netflow sampling-rate ‘1’
set system flow-accounting netflow server 89.X.X.2 port ‘2055’
set system flow-accounting netflow timeout expiry-interval ‘30’
set system flow-accounting netflow timeout flow-generic ‘30’
set system flow-accounting netflow timeout icmp ‘30’
set system flow-accounting netflow timeout max-active-life ‘30’
set system flow-accounting netflow timeout tcp-fin ‘30’
set system flow-accounting netflow timeout tcp-generic ‘30’
set system flow-accounting netflow timeout tcp-rst ‘30’
set system flow-accounting netflow timeout udp ‘30’
set system flow-accounting netflow version ‘9’
set system flow-accounting syslog-facility ‘daemon’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
vyos@vyos:~$
`