vyos@vyos# run show conf commands | strip-private set firewall all-ping 'enable' set firewall broadcast-ping 'disable' set firewall config-trap 'disable' set firewall group address-group AG_ALLKIDS_DEVICES address 'xxx.xxx.10.50-xxx.xxx.10.79' set firewall group address-group AG_ALLKIDS_DEVICES address 'xxx.xxx.10.140' set firewall group address-group AG_ANDRZEJ_DEVICES address 'xxx.xxx.10.20-xxx.xxx.10.29' set firewall group address-group AG_FRONTPC address 'xxx.xxx.10.140' set firewall group address-group AG_HOMEPC_DEVICES address 'xxx.xxx.10.140' set firewall group address-group AG_HOST_DEVICES address 'xxx.xxx.10.110-xxx.xxx.10.119' set firewall group address-group AG_JAKOB_DEVICES address 'xxx.xxx.10.60-xxx.xxx.10.69' set firewall group address-group AG_LUKAS_DEVICES address 'xxx.xxx.10.50-xxx.xxx.10.59' set firewall group address-group AG_MARTA_DEVICES address 'xxx.xxx.10.40-xxx.xxx.10.49' set firewall group address-group AG_MICHAEL_DEVICES address 'xxx.xxx.10.70-xxx.xxx.10.79' set firewall group address-group AG_MULTICAST address 'xxx.xxx.255.250' set firewall group address-group AG_MULTICAST address 'xxx.xxx.0.251' set firewall group address-group AG_MULTICAST address 'xxx.xxx.20.255' set firewall group address-group AG_PIHOLE_DEVICE address 'xxx.xxx.10.10' set firewall group address-group AG_SAMSUNGTV address 'xxx.xxx.20.13' set firewall group address-group AG_SERVER_DEVICES address 'xxx.xxx.10.110-xxx.xxx.10.119' set firewall group address-group AG_SONOS_DEVICES address 'xxx.xxx.10.6' set firewall group address-group AG_VIRTUAL_MACHINES address 'xxx.xxx.10.120-xxx.xxx.10.139' set firewall group address-group AG_VM_DEVICES address 'xxx.xxx.10.120-xxx.xxx.10.139' set firewall group address-group AG_XBOX address 'xxx.xxx.20.14' set firewall ipv6-receive-redirects 'disable' set firewall ipv6-src-route 'disable' set firewall ip-src-route 'disable' set firewall log-martians 'enable' set firewall name DEVICE-INSIDE default-action 'drop' set firewall name 
DEVICE-INSIDE enable-default-log set firewall name DEVICE-INSIDE rule 50 action 'accept' set firewall name DEVICE-INSIDE rule 50 state established 'enable' set firewall name DEVICE-INSIDE rule 50 state related 'enable' set firewall name DEVICE-INSIDE rule 51 action 'drop' set firewall name DEVICE-INSIDE rule 51 state invalid 'enable' set firewall name DEVICE-INSIDE rule 101 action 'accept' set firewall name DEVICE-INSIDE rule 101 description 'Allow DEVICE Pihole DNS INSIDE' set firewall name DEVICE-INSIDE rule 101 destination group address-group 'AG_PIHOLE_DEVICE' set firewall name DEVICE-INSIDE rule 101 destination port '53' set firewall name DEVICE-INSIDE rule 101 log 'enable' set firewall name DEVICE-INSIDE rule 101 protocol 'tcp_udp' set firewall name DEVICE-INSIDE rule 101 state new 'enable' set firewall name DEVICE-INSIDE rule 1000 action 'accept' set firewall name DEVICE-INSIDE rule 1000 description 'Allow DEVICE broadcast INSIDE' set firewall name DEVICE-INSIDE rule 1000 destination port '1900' set firewall name DEVICE-INSIDE rule 1000 log 'enable' set firewall name DEVICE-INSIDE rule 1000 protocol 'udp' set firewall name DEVICE-INSIDE rule 1000 state new 'enable' set firewall name DEVICE-LOCAL default-action 'drop' set firewall name DEVICE-LOCAL enable-default-log set firewall name DEVICE-LOCAL rule 50 action 'accept' set firewall name DEVICE-LOCAL rule 50 state established 'enable' set firewall name DEVICE-LOCAL rule 50 state related 'enable' set firewall name DEVICE-LOCAL rule 51 action 'drop' set firewall name DEVICE-LOCAL rule 51 state invalid 'enable' set firewall name DEVICE-OUTSIDE default-action 'drop' set firewall name DEVICE-OUTSIDE enable-default-log set firewall name DEVICE-OUTSIDE rule 50 action 'accept' set firewall name DEVICE-OUTSIDE rule 50 state established 'enable' set firewall name DEVICE-OUTSIDE rule 50 state related 'enable' set firewall name DEVICE-OUTSIDE rule 51 action 'drop' set firewall name DEVICE-OUTSIDE rule 51 state invalid 
'enable' set firewall name DEVICE-OUTSIDE rule 100 action 'accept' set firewall name DEVICE-OUTSIDE rule 100 description 'Allow DEVICE Ping OUTSIDE' set firewall name DEVICE-OUTSIDE rule 100 icmp type-name 'echo-request' set firewall name DEVICE-OUTSIDE rule 100 log 'enable' set firewall name DEVICE-OUTSIDE rule 100 protocol 'icmp' set firewall name DEVICE-OUTSIDE rule 100 state new 'enable' set firewall name DEVICE-OUTSIDE rule 1000 action 'accept' set firewall name DEVICE-OUTSIDE rule 1000 description 'Allow DEVICE SamsungTV Web OUTSIDE' set firewall name DEVICE-OUTSIDE rule 1000 destination port '80,443' set firewall name DEVICE-OUTSIDE rule 1000 log 'enable' set firewall name DEVICE-OUTSIDE rule 1000 protocol 'tcp' set firewall name DEVICE-OUTSIDE rule 1000 source group address-group 'AG_SAMSUNGTV' set firewall name DEVICE-OUTSIDE rule 1000 state new 'enable' set firewall name DEVICE-OUTSIDE rule 1001 action 'accept' set firewall name DEVICE-OUTSIDE rule 1001 description 'Allow DEVICE XBox OUTSIDE' set firewall name DEVICE-OUTSIDE rule 1001 log 'enable' set firewall name DEVICE-OUTSIDE rule 1001 protocol 'tcp_udp' set firewall name DEVICE-OUTSIDE rule 1001 source group address-group 'AG_XBOX' set firewall name DEVICE-OUTSIDE rule 1001 state new 'enable' set firewall name DEVICE-OUTSIDE rule 1001 time starttime 'xxxx:xxxx:00' set firewall name DEVICE-OUTSIDE rule 1001 time stoptime 'xxxx:xxxx:00' set firewall name DEVICE-OUTSIDE rule 1001 time utc set firewall name DEVICE-OUTSIDE rule 1001 time weekdays 'Fri,Sat,Sun' set firewall name DEVICE-OUTSIDE rule 1002 action 'accept' set firewall name DEVICE-OUTSIDE rule 1002 description 'Allow DEVICE XBox OUTSIDE' set firewall name DEVICE-OUTSIDE rule 1002 destination port '80,443' set firewall name DEVICE-OUTSIDE rule 1002 log 'enable' set firewall name DEVICE-OUTSIDE rule 1002 protocol 'tcp' set firewall name DEVICE-OUTSIDE rule 1002 source group address-group 'AG_XBOX' set firewall name DEVICE-OUTSIDE rule 1002 state 
new 'enable' set firewall name DEVICE-OUTSIDE rule 1002 time utc set firewall name INSIDE-DEVICE default-action 'drop' set firewall name INSIDE-DEVICE enable-default-log set firewall name INSIDE-DEVICE rule 50 action 'accept' set firewall name INSIDE-DEVICE rule 50 state established 'enable' set firewall name INSIDE-DEVICE rule 50 state related 'enable' set firewall name INSIDE-DEVICE rule 51 action 'drop' set firewall name INSIDE-DEVICE rule 51 state invalid 'enable' set firewall name INSIDE-DEVICE rule 1000 action 'accept' set firewall name INSIDE-DEVICE rule 1000 description 'Allow DEVICE broadcast INSIDE' set firewall name INSIDE-DEVICE rule 1000 destination port '1900' set firewall name INSIDE-DEVICE rule 1000 log 'enable' set firewall name INSIDE-DEVICE rule 1000 protocol 'udp' set firewall name INSIDE-DEVICE rule 1000 state new 'enable' set firewall name INSIDE-LOCAL default-action 'drop' set firewall name INSIDE-LOCAL enable-default-log set firewall name INSIDE-LOCAL rule 50 action 'accept' set firewall name INSIDE-LOCAL rule 50 state established 'enable' set firewall name INSIDE-LOCAL rule 50 state related 'enable' set firewall name INSIDE-LOCAL rule 51 action 'drop' set firewall name INSIDE-LOCAL rule 51 state invalid 'enable' set firewall name INSIDE-LOCAL rule 100 action 'accept' set firewall name INSIDE-LOCAL rule 100 description 'Allow INSIDE Ping LOCAL' set firewall name INSIDE-LOCAL rule 100 icmp type-name 'echo-request' set firewall name INSIDE-LOCAL rule 100 log 'enable' set firewall name INSIDE-LOCAL rule 100 protocol 'icmp' set firewall name INSIDE-LOCAL rule 100 state new 'enable' set firewall name INSIDE-LOCAL rule 101 action 'accept' set firewall name INSIDE-LOCAL rule 101 description 'Allow INSIDE Pihole DNS LACAL' set firewall name INSIDE-LOCAL rule 101 destination port '53' set firewall name INSIDE-LOCAL rule 101 log 'enable' set firewall name INSIDE-LOCAL rule 101 protocol 'tcp_udp' set firewall name INSIDE-LOCAL rule 101 source group 
address-group 'AG_PIHOLE_DEVICE' set firewall name INSIDE-LOCAL rule 101 state new 'enable' set firewall name INSIDE-LOCAL rule 102 action 'accept' set firewall name INSIDE-LOCAL rule 102 description 'Allow INSIDE Time LOCAL' set firewall name INSIDE-LOCAL rule 102 destination port '123' set firewall name INSIDE-LOCAL rule 102 log 'enable' set firewall name INSIDE-LOCAL rule 102 protocol 'udp' set firewall name INSIDE-LOCAL rule 102 state new 'enable' set firewall name INSIDE-LOCAL rule 103 action 'accept' set firewall name INSIDE-LOCAL rule 103 description 'Allow INSIDE SSH LOCAL' set firewall name INSIDE-LOCAL rule 103 destination port '22' set firewall name INSIDE-LOCAL rule 103 log 'enable' set firewall name INSIDE-LOCAL rule 103 protocol 'tcp' set firewall name INSIDE-LOCAL rule 103 state new 'enable' set firewall name INSIDE-LOCAL rule 104 action 'accept' set firewall name INSIDE-LOCAL rule 104 description 'Allow INSIDE DHCP LOCAL' set firewall name INSIDE-LOCAL rule 104 destination group address-group 'AG_PIHOLE_DEVICE' set firewall name INSIDE-LOCAL rule 104 destination port '67' set firewall name INSIDE-LOCAL rule 104 log 'enable' set firewall name INSIDE-LOCAL rule 104 protocol 'udp' set firewall name INSIDE-LOCAL rule 104 state new 'enable' set firewall name INSIDE-OUTSIDE default-action 'drop' set firewall name INSIDE-OUTSIDE enable-default-log set firewall name INSIDE-OUTSIDE rule 50 action 'accept' set firewall name INSIDE-OUTSIDE rule 50 state established 'enable' set firewall name INSIDE-OUTSIDE rule 50 state related 'enable' set firewall name INSIDE-OUTSIDE rule 51 action 'drop' set firewall name INSIDE-OUTSIDE rule 51 state invalid 'enable' set firewall name INSIDE-OUTSIDE rule 100 action 'accept' set firewall name INSIDE-OUTSIDE rule 100 description 'Allow INSIDE Ping OUTSIDE' set firewall name INSIDE-OUTSIDE rule 100 icmp type-name 'echo-request' set firewall name INSIDE-OUTSIDE rule 100 log 'enable' set firewall name INSIDE-OUTSIDE rule 100 
protocol 'icmp' set firewall name INSIDE-OUTSIDE rule 100 state new 'enable' set firewall name INSIDE-OUTSIDE rule 101 action 'accept' set firewall name INSIDE-OUTSIDE rule 101 description 'Allow INSIDE Pihole DNS OUTSIDE' set firewall name INSIDE-OUTSIDE rule 101 destination port '53' set firewall name INSIDE-OUTSIDE rule 101 log 'enable' set firewall name INSIDE-OUTSIDE rule 101 protocol 'tcp_udp' set firewall name INSIDE-OUTSIDE rule 101 source group address-group 'AG_PIHOLE_DEVICE' set firewall name INSIDE-OUTSIDE rule 101 state new 'enable' set firewall name INSIDE-OUTSIDE rule 102 action 'accept' set firewall name INSIDE-OUTSIDE rule 102 description 'Allow INSIDE Pihole Web OUTSIDE' set firewall name INSIDE-OUTSIDE rule 102 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 102 log 'enable' set firewall name INSIDE-OUTSIDE rule 102 protocol 'tcp' set firewall name INSIDE-OUTSIDE rule 102 source group address-group 'AG_PIHOLE_DEVICE' set firewall name INSIDE-OUTSIDE rule 102 state new 'enable' set firewall name INSIDE-OUTSIDE rule 103 action 'accept' set firewall name INSIDE-OUTSIDE rule 103 description 'Allow INSIDE Sonos Web OUTSIDE' set firewall name INSIDE-OUTSIDE rule 103 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 103 log 'enable' set firewall name INSIDE-OUTSIDE rule 103 protocol 'tcp' set firewall name INSIDE-OUTSIDE rule 103 source group address-group 'AG_SONOS_DEVICES' set firewall name INSIDE-OUTSIDE rule 103 state new 'enable' set firewall name INSIDE-OUTSIDE rule 200 action 'accept' set firewall name INSIDE-OUTSIDE rule 200 description 'Allow Andrzej Devices' set firewall name INSIDE-OUTSIDE rule 200 log 'enable' set firewall name INSIDE-OUTSIDE rule 200 protocol 'tcp_udp' set firewall name INSIDE-OUTSIDE rule 200 source group address-group 'AG_ANDRZEJ_DEVICES' set firewall name INSIDE-OUTSIDE rule 200 state new 'enable' set firewall name INSIDE-OUTSIDE rule 400 action 'accept' set firewall name INSIDE-OUTSIDE rule 
400 description 'Allow Marta Devices' set firewall name INSIDE-OUTSIDE rule 400 log 'enable' set firewall name INSIDE-OUTSIDE rule 400 protocol 'tcp_udp' set firewall name INSIDE-OUTSIDE rule 400 source group address-group 'AG_MARTA_DEVICES' set firewall name INSIDE-OUTSIDE rule 400 state new 'enable' set firewall name INSIDE-OUTSIDE rule 500 action 'accept' set firewall name INSIDE-OUTSIDE rule 500 description 'LUKAS - Allow Web Ports 8:30AM-9:00PM' set firewall name INSIDE-OUTSIDE rule 500 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 500 log 'enable' set firewall name INSIDE-OUTSIDE rule 500 protocol 'tcp' set firewall name INSIDE-OUTSIDE rule 500 source group address-group 'AG_LUKAS_DEVICES' set firewall name INSIDE-OUTSIDE rule 500 state new 'enable' set firewall name INSIDE-OUTSIDE rule 500 time starttime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 500 time stoptime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 500 time utc set firewall name INSIDE-OUTSIDE rule 600 action 'accept' set firewall name INSIDE-OUTSIDE rule 600 description 'JAKOB - Allow Web Ports 8:30AM-7:00PM' set firewall name INSIDE-OUTSIDE rule 600 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 600 log 'enable' set firewall name INSIDE-OUTSIDE rule 600 protocol 'tcp' set firewall name INSIDE-OUTSIDE rule 600 source group address-group 'AG_JAKOB_DEVICES' set firewall name INSIDE-OUTSIDE rule 600 state new 'enable' set firewall name INSIDE-OUTSIDE rule 600 time starttime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 600 time stoptime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 600 time utc set firewall name INSIDE-OUTSIDE rule 700 action 'accept' set firewall name INSIDE-OUTSIDE rule 700 description 'MICHAEL - Allow Web Ports 8:30AM-4:30PM' set firewall name INSIDE-OUTSIDE rule 700 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 700 log 'enable' set firewall name INSIDE-OUTSIDE rule 700 protocol 'tcp' set firewall 
name INSIDE-OUTSIDE rule 700 source group address-group 'AG_MICHAEL_DEVICES' set firewall name INSIDE-OUTSIDE rule 700 state new 'enable' set firewall name INSIDE-OUTSIDE rule 700 time starttime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 700 time stoptime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 700 time utc set firewall name INSIDE-OUTSIDE rule 1000 action 'accept' set firewall name INSIDE-OUTSIDE rule 1000 description 'KIDS - Allow Internet 2:00PM-10:00PM' set firewall name INSIDE-OUTSIDE rule 1000 log 'enable' set firewall name INSIDE-OUTSIDE rule 1000 protocol 'tcp_udp' set firewall name INSIDE-OUTSIDE rule 1000 source group address-group 'AG_ALLKIDS_DEVICES' set firewall name INSIDE-OUTSIDE rule 1000 state new 'enable' set firewall name INSIDE-OUTSIDE rule 1000 time starttime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 1000 time stoptime 'xxxx:xxxx:00' set firewall name INSIDE-OUTSIDE rule 1000 time utc set firewall name INSIDE-OUTSIDE rule 1000 time weekdays 'Fri,Sat,Sun' set firewall name INSIDE-OUTSIDE rule 1001 action 'accept' set firewall name INSIDE-OUTSIDE rule 1001 description 'Allow INSIDE Front PC Web OUTSIDE' set firewall name INSIDE-OUTSIDE rule 1001 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 1001 log 'enable' set firewall name INSIDE-OUTSIDE rule 1001 protocol 'tcp' set firewall name INSIDE-OUTSIDE rule 1001 source group address-group 'AG_FRONTPC' set firewall name INSIDE-OUTSIDE rule 1001 state new 'enable' set firewall name INSIDE-OUTSIDE rule 1100 action 'accept' set firewall name INSIDE-OUTSIDE rule 1100 description 'Allow INSIDE Server Web OUTSIDE' set firewall name INSIDE-OUTSIDE rule 1100 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 1100 log 'enable' set firewall name INSIDE-OUTSIDE rule 1100 protocol 'tcp' set firewall name INSIDE-OUTSIDE rule 1100 source group address-group 'AG_SERVER_DEVICES' set firewall name INSIDE-OUTSIDE rule 1100 state new 'enable' set firewall 
name INSIDE-OUTSIDE rule 1101 action 'accept' set firewall name INSIDE-OUTSIDE rule 1101 description 'Allow INSIDE VM Web OUTSIDE' set firewall name INSIDE-OUTSIDE rule 1101 destination port '80,443' set firewall name INSIDE-OUTSIDE rule 1101 log 'enable' set firewall name INSIDE-OUTSIDE rule 1101 protocol 'tcp' set firewall name INSIDE-OUTSIDE rule 1101 source group address-group 'AG_VM_DEVICES' set firewall name INSIDE-OUTSIDE rule 1101 state new 'enable' set firewall name LOCAL-DEVICE default-action 'drop' set firewall name LOCAL-DEVICE enable-default-log set firewall name LOCAL-DEVICE rule 50 action 'accept' set firewall name LOCAL-DEVICE rule 50 state established 'enable' set firewall name LOCAL-DEVICE rule 50 state related 'enable' set firewall name LOCAL-DEVICE rule 51 action 'drop' set firewall name LOCAL-DEVICE rule 51 state invalid 'enable' set firewall name LOCAL-DEVICE rule 100 action 'accept' set firewall name LOCAL-DEVICE rule 100 description 'Allow LOCAL Ping DEVICE' set firewall name LOCAL-DEVICE rule 100 icmp type-name 'echo-request' set firewall name LOCAL-DEVICE rule 100 log 'enable' set firewall name LOCAL-DEVICE rule 100 protocol 'icmp' set firewall name LOCAL-DEVICE rule 100 state new 'enable' set firewall name LOCAL-INSIDE default-action 'drop' set firewall name LOCAL-INSIDE enable-default-log set firewall name LOCAL-INSIDE rule 50 action 'accept' set firewall name LOCAL-INSIDE rule 50 state established 'enable' set firewall name LOCAL-INSIDE rule 50 state related 'enable' set firewall name LOCAL-INSIDE rule 51 action 'drop' set firewall name LOCAL-INSIDE rule 51 state invalid 'enable' set firewall name LOCAL-INSIDE rule 100 action 'accept' set firewall name LOCAL-INSIDE rule 100 description 'Allow LOCAL Ping INSIDE' set firewall name LOCAL-INSIDE rule 100 icmp type-name 'echo-request' set firewall name LOCAL-INSIDE rule 100 log 'enable' set firewall name LOCAL-INSIDE rule 100 protocol 'icmp' set firewall name LOCAL-INSIDE rule 100 state new 
'enable' set firewall name LOCAL-INSIDE rule 101 action 'accept' set firewall name LOCAL-INSIDE rule 101 description 'Allow LOCAL Pihole DNS INSIDE' set firewall name LOCAL-INSIDE rule 101 destination group address-group 'AG_PIHOLE_DEVICE' set firewall name LOCAL-INSIDE rule 101 destination port '53' set firewall name LOCAL-INSIDE rule 101 log 'enable' set firewall name LOCAL-INSIDE rule 101 protocol 'tcp_udp' set firewall name LOCAL-INSIDE rule 101 state new 'enable' set firewall name LOCAL-INSIDE rule 102 action 'accept' set firewall name LOCAL-INSIDE rule 102 description 'Allow LOCAL DHCP INSIDE' set firewall name LOCAL-INSIDE rule 102 destination group address-group 'AG_PIHOLE_DEVICE' set firewall name LOCAL-INSIDE rule 102 destination port '68' set firewall name LOCAL-INSIDE rule 102 log 'enable' set firewall name LOCAL-INSIDE rule 102 protocol 'udp' set firewall name LOCAL-INSIDE rule 102 state new 'enable' set firewall name LOCAL-OUTSIDE default-action 'drop' set firewall name LOCAL-OUTSIDE enable-default-log set firewall name LOCAL-OUTSIDE rule 50 action 'accept' set firewall name LOCAL-OUTSIDE rule 50 state established 'enable' set firewall name LOCAL-OUTSIDE rule 50 state related 'enable' set firewall name LOCAL-OUTSIDE rule 51 action 'drop' set firewall name LOCAL-OUTSIDE rule 51 state invalid 'enable' set firewall name LOCAL-OUTSIDE rule 100 action 'accept' set firewall name LOCAL-OUTSIDE rule 100 description 'Allow LOCAL Ping OUTSIDE' set firewall name LOCAL-OUTSIDE rule 100 icmp type-name 'echo-request' set firewall name LOCAL-OUTSIDE rule 100 log 'enable' set firewall name LOCAL-OUTSIDE rule 100 protocol 'icmp' set firewall name LOCAL-OUTSIDE rule 100 state new 'enable' set firewall name LOCAL-OUTSIDE rule 101 action 'accept' set firewall name LOCAL-OUTSIDE rule 101 description 'Allow LOCAL Time OUTSIDE' set firewall name LOCAL-OUTSIDE rule 101 destination port '123' set firewall name LOCAL-OUTSIDE rule 101 log 'enable' set firewall name 
LOCAL-OUTSIDE rule 101 protocol 'udp' set firewall name LOCAL-OUTSIDE rule 101 state new 'enable' set firewall name LOCAL-OUTSIDE rule 102 action 'accept' set firewall name LOCAL-OUTSIDE rule 102 description 'Allow LOCAL Web Ports OUTSIDE' set firewall name LOCAL-OUTSIDE rule 102 destination port '80,443' set firewall name LOCAL-OUTSIDE rule 102 log 'enable' set firewall name LOCAL-OUTSIDE rule 102 protocol 'tcp' set firewall name LOCAL-OUTSIDE rule 102 state new 'enable' set firewall name OUTSIDE-DEVICE default-action 'drop' set firewall name OUTSIDE-DEVICE enable-default-log set firewall name OUTSIDE-DEVICE rule 50 action 'accept' set firewall name OUTSIDE-DEVICE rule 50 state established 'enable' set firewall name OUTSIDE-DEVICE rule 50 state related 'enable' set firewall name OUTSIDE-DEVICE rule 51 action 'drop' set firewall name OUTSIDE-DEVICE rule 51 state invalid 'enable' set firewall name OUTSIDE-INSIDE default-action 'drop' set firewall name OUTSIDE-INSIDE enable-default-log set firewall name OUTSIDE-INSIDE rule 50 action 'accept' set firewall name OUTSIDE-INSIDE rule 50 state established 'enable' set firewall name OUTSIDE-INSIDE rule 50 state related 'enable' set firewall name OUTSIDE-INSIDE rule 51 action 'drop' set firewall name OUTSIDE-INSIDE rule 51 state invalid 'enable' set firewall name OUTSIDE-LOCAL default-action 'drop' set firewall name OUTSIDE-LOCAL enable-default-log set firewall name OUTSIDE-LOCAL rule 50 action 'accept' set firewall name OUTSIDE-LOCAL rule 50 state established 'enable' set firewall name OUTSIDE-LOCAL rule 50 state related 'enable' set firewall name OUTSIDE-LOCAL rule 51 action 'drop' set firewall name OUTSIDE-LOCAL rule 51 state invalid 'enable' set firewall receive-redirects 'disable' set firewall send-redirects 'enable' set firewall source-validation 'disable' set firewall syn-cookies 'enable' set firewall twa-hazards-protection 'disable' set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth0 description 
'OUTSIDE' set interfaces ethernet eth0 hw-id 'XX:XX:XX:XX:XX:9b' set interfaces ethernet eth1 address 'xxx.xxx.10.1/24' set interfaces ethernet eth1 description 'INSIDE' set interfaces ethernet eth1 hw-id 'XX:XX:XX:XX:XX:a5' set interfaces ethernet eth2 address 'xxx.xxx.20.1/24' set interfaces ethernet eth2 description 'DEVICE' set interfaces ethernet eth2 hw-id 'XX:XX:XX:XX:XX:af' set interfaces loopback lo set nat destination rule 100 destination address '!xxx.xxx.10.10' set nat destination rule 100 destination port '53' set nat destination rule 100 inbound-interface 'eth1' set nat destination rule 100 log set nat destination rule 100 protocol 'tcp_udp' set nat destination rule 100 source address '!xxx.xxx.10.10' set nat destination rule 100 translation address 'xxx.xxx.10.10' set nat destination rule 101 destination address '!xxx.xxx.10.10' set nat destination rule 101 destination port '53' set nat destination rule 101 inbound-interface 'eth2' set nat destination rule 101 log set nat destination rule 101 protocol 'tcp_udp' set nat destination rule 101 translation address 'xxx.xxx.10.10' set nat destination rule 102 destination address '!xxx.xxx.10.1' set nat destination rule 102 destination port '123' set nat destination rule 102 inbound-interface 'eth1' set nat destination rule 102 log set nat destination rule 102 protocol 'udp' set nat destination rule 102 translation address 'xxx.xxx.10.1' set nat source rule 100 description 'NAT INTERNAL' set nat source rule 100 outbound-interface 'eth0' set nat source rule 100 source address 'xxx.xxx.10.0/24' set nat source rule 100 translation address 'masquerade' set nat source rule 101 description 'NAT DEVICE' set nat source rule 101 outbound-interface 'eth0' set nat source rule 101 source address 'xxx.xxx.20.0/24' set nat source rule 101 translation address 'masquerade' set service broadcast-relay id 10 interface 'eth1' set service broadcast-relay id 10 interface 'eth2' set service broadcast-relay id 10 port '1900' set 
service dhcp-server hostfile-update set service dhcp-server host-decl-name set service dhcp-server listen-address 'xxx.xxx.20.1' set service dhcp-server listen-address 'xxx.xxx.10.1' set service dhcp-server shared-network-name xxxxxx authoritative set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 default-router 'xxx.xxx.20.1' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 dns-server 'xxx.xxx.10.10' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 domain-name xxxxxx set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 lease '86400' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 start 'xxx.xxx.20.250' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 stop 'xxx.xxx.20.251' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.20.13' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:0d' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.20.14' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:31' set service dhcp-server shared-network-name xxxxxx authoritative set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 default-router 'xxx.xxx.10.1' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 dns-server 'xxx.xxx.10.10' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 domain-name xxxxxx set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 start 'xxx.xxx.10.220' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 stop 'xxx.xxx.10.250' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 
static-mapping xxxxxx ip-address 'xxx.xxx.10.11' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:9a' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.124' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:84' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.74' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:7b' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.42' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:6b' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.5' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:3a' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.23' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:ad' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.125' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:5b' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.126' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:fb' set service dhcp-server shared-network-name xxxxxx subnet 
xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.123' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:a8' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.71' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:b3' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.72' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:24' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.20' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:d5' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.24' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:18' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.60' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:a7' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.127' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:75' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.50' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:06' set service dhcp-server shared-network-name 
xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.112' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:ff' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.43' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:65' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.40' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:ba' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.44' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:e8' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.70' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:dc' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.73' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:6b' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.76' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:43' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.110' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:8a' set service dhcp-server 
shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.121' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:da' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.122' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:82' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.41' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:41' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.10' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:9c' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.28' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:fa' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.6' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:f6' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.62' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:b1' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.63' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:b7' set service 
dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.51' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:2f' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.52' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:09' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.113' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:f0' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.53' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:e0' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.21' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:12' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.22' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:8d' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.12' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:2f' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.111' set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:ce' 
# Tail of a VyOS `show conf commands | strip-private` dump, restored to one command per line.
# strip-private has masked names, credentials and the leading part of addresses; the
# commands below are otherwise unchanged.

# Last DHCP reservation in the xxx.xxx.10.0/24 scope (the mapping name is masked).
# xxx.xxx.10.140 is the address used by the AG_FRONTPC / AG_HOMEPC_DEVICES groups earlier
# in the dump. The firewall address-groups match on IP only, so these reservations are what
# ties a device to its group; a reservation does not stop a host from setting another
# address itself.
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.140'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:f6'

# DNS forwarder: answers only on xxx.xxx.10.1 and only for xxx.xxx.10.0/24; `system` makes it
# forward to the system name-server set below (xxx.xxx.10.10, the AG_PIHOLE_DEVICE address).
set service dns forwarding allow-from 'xxx.xxx.10.0/24'
set service dns forwarding listen-address 'xxx.xxx.10.1'
set service dns forwarding system

# SSH is bound to two addresses in xxx.xxx.10.0/24 rather than to every interface.
set service ssh listen-address 'xxx.xxx.10.254'
set service ssh listen-address 'xxx.xxx.10.1'
set service ssh port '22'

# Keep the last 100 commits for rollback and audit.
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system domain-name xxxxxx
set system host-name xxxxxx

# Both credential values are masked by strip-private. Loading these two lines verbatim would
# not restore the original account: replace them with real values before replaying the dump.
# NOTE(review): no `public-keys` entry appears for the login user, so SSH presumably relies on
# password authentication - confirm, and prefer key-based login if so.
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx

set system name-server 'xxx.xxx.10.10'

# NTP is served to both internal subnets, on the router address of each.
set system ntp allow-clients address 'xxx.xxx.10.0/24'
set system ntp allow-clients address 'xxx.xxx.20.0/24'
set system ntp listen-address 'xxx.xxx.10.1'
set system ntp listen-address 'xxx.xxx.20.1'
# Three upstream servers; the hostnames are masked, so whether they are distinct cannot be told here.
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld

set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.10'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.130'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.13'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.12'

# Logging is local only in this dump (no syslog host entry is visible); the `protocols`
# facility is raised to debug.
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system time-zone 'Australia/Victoria'

# Zone policy. Every zone drops by default, and each `from SRC` entry attaches the ruleset
# named SRC-DST, so a zone pair only passes what its ruleset accepts.
# DEVICE zone: eth2.
set zone-policy zone DEVICE default-action 'drop'
set zone-policy zone DEVICE from INSIDE firewall name 'INSIDE-DEVICE'
set zone-policy zone DEVICE from LOCAL firewall name 'LOCAL-DEVICE'
set zone-policy zone DEVICE from OUTSIDE firewall name 'OUTSIDE-DEVICE'
set zone-policy zone DEVICE interface 'eth2'

# INSIDE zone: eth1.
set zone-policy zone INSIDE default-action 'drop'
set zone-policy zone INSIDE from DEVICE firewall name 'DEVICE-INSIDE'
set zone-policy zone INSIDE from LOCAL firewall name 'LOCAL-INSIDE'
set zone-policy zone INSIDE from OUTSIDE firewall name 'OUTSIDE-INSIDE'
set zone-policy zone INSIDE interface 'eth1'

# LOCAL zone: the router itself (`local-zone`), so these rulesets govern access to services
# running on the router, such as the SSH, DNS and NTP listeners above.
set zone-policy zone LOCAL default-action 'drop'
set zone-policy zone LOCAL from DEVICE firewall name 'DEVICE-LOCAL'
set zone-policy zone LOCAL from INSIDE firewall name 'INSIDE-LOCAL'
set zone-policy zone LOCAL from OUTSIDE firewall name 'OUTSIDE-LOCAL'
set zone-policy zone LOCAL local-zone

# OUTSIDE zone: eth0.
set zone-policy zone OUTSIDE default-action 'drop'
set zone-policy zone OUTSIDE from DEVICE firewall name 'DEVICE-OUTSIDE'
set zone-policy zone OUTSIDE from INSIDE firewall name 'INSIDE-OUTSIDE'
set zone-policy zone OUTSIDE from LOCAL firewall name 'LOCAL-OUTSIDE'
set zone-policy zone OUTSIDE interface 'eth0'