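/* Review summary: reformatted one statement per line. Two global firewall
   values changed (broadcast-ping -> disable, log-martians -> enable); every
   other value is as in the original. NOTE(review) comments mark hardening
   items that were left unchanged and need an operator decision. */
firewall {
    all-ping enable
    /* Changed from "enable": replying to ICMP echo sent to a broadcast
       address lets the router be used as a reflector for spoofed pings. */
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    /* Changed from "disable": logging packets with impossible source
       addresses gives visibility of spoofing and routing mistakes. */
    log-martians enable
    /* The four rulesets below accept everything: traffic originating on the
       LAN or on the router itself is fully trusted by this policy. */
    name lan-local {
        default-action accept
    }
    name lan-wan {
        default-action accept
    }
    name local-lan {
        default-action accept
    }
    name local-wan {
        default-action accept
    }
    /* WAN -> LAN: stateful default-deny. Only established/related traffic is
       accepted; invalid-state packets are dropped explicitly. */
    name wan-lan {
        default-action drop
        rule 100 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 110 {
            action drop
            state {
                invalid enable
            }
        }
    }
    /* WAN -> router: same stateful default-deny, so no new connection from
       the WAN side is accepted by the router itself. */
    name wan-local {
        default-action drop
        rule 100 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 110 {
            action drop
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): reverse-path filtering is off. With a single uplink
       (eth0) and one LAN (eth2), "strict" would normally be safe and would
       drop packets with spoofed sources - confirm before enabling. */
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    /* WAN uplink, assigned to zone "wan" below. */
    ethernet eth0 {
        address 172.31.255.6/30
        description wan
        duplex full
        hw-id 00:0d:b9:51:90:74
        ring-buffer {
            rx 4096
            tx 4096
        }
        smp-affinity auto
        speed 1000
    }
    /* Unused port, administratively disabled. */
    ethernet eth1 {
        disable
        duplex auto
        hw-id 00:0d:b9:51:90:75
        ring-buffer {
            rx 4096
            tx 4096
        }
        smp-affinity auto
        speed auto
    }
    /* LAN side, assigned to zone "lan" below. */
    ethernet eth2 {
        address 192.168.68.1/24
        description lan
        duplex auto
        hw-id 00:0d:b9:51:90:76
        ring-buffer {
            rx 4096
            tx 4096
        }
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
nat {
    source {
        /* Masquerade everything leaving eth0 behind the WAN address. */
        rule 9001 {
            outbound-interface eth0
            protocol all
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 172.31.255.5 {
            }
        }
        /* The three RFC 1918 aggregates are blackholed so private
           destinations without a more specific route are discarded instead
           of following the default route out of the WAN. The connected
           172.31.255.4/30 and 192.168.68.0/24 networks are more specific
           and still take precedence. */
        route 10.0.0.0/8 {
            blackhole {
            }
        }
        route 172.16.0.0/12 {
            blackhole {
            }
        }
        route 192.168.0.0/16 {
            blackhole {
            }
        }
    }
}
service {
    /* SSH is bound to the LAN address only, so the daemon does not listen on
       the WAN address. NOTE(review): password logins are not disabled here
       although public keys are configured for the user; adding
       "disable-password-authentication" would limit SSH to key logins -
       verify key login and serial-console access first. */
    ssh {
        listen-address 192.168.68.1
        port 22
    }
}
system {
    console {
        device ttyS0 {
            speed 115200
        }
    }
    domain-name phillipmcmahon.com
    host-name router2
    login {
        user phillipmcmahon {
            /* Password and key values are masked in this listing; keep them
               masked in any published copy of the configuration. */
            authentication {
                encrypted-password ****************
                plaintext-password ****************
                public-keys phillipmcmahon-ecdsa {
                    key ****************
                    type ecdsa-sha2-nistp521
                }
                public-keys phillipmcmahon-rsa {
                    key ****************
                    type ssh-rsa
                }
            }
        }
    }
    name-server 8.8.8.8
    ntp {
        server time.google.com {
        }
    }
    /* NOTE(review): all logging is local; no remote syslog host is defined,
       so logs are only available on the router itself. */
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Zurich
}
/* Zone policy: each zone drops by default and names one ruleset per source
   zone. The accept-all rulesets above therefore apply to LAN- and
   router-originated traffic, and the stateful rulesets to anything arriving
   from the WAN. */
zone-policy {
    zone lan {
        default-action drop
        from local {
            firewall {
                name local-lan
            }
        }
        from wan {
            firewall {
                name wan-lan
            }
        }
        interface eth2
    }
    zone local {
        default-action drop
        from lan {
            firewall {
                name lan-local
            }
        }
        from wan {
            firewall {
                name wan-local
            }
        }
        local-zone
    }
    zone wan {
        default-action drop
        from lan {
            firewall {
                name lan-wan
            }
        }
        from local {
            firewall {
                name local-wan
            }
        }
        interface eth0
    }
}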