set firewall all-ping enable
set firewall broadcast-ping disable
set firewall group
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 5 action accept
set firewall name WAN_IN rule 5 description 'Allow IPTV Multicast UDP'
set firewall name WAN_IN rule 5 destination address 239.0.0.0/8
set firewall name WAN_IN rule 5 log disable
set firewall name WAN_IN rule 5 protocol udp
set firewall name WAN_IN rule 5 source address 192.168.10.0/24
set firewall name WAN_IN rule 6 action accept
set firewall name WAN_IN rule 6 description 'Allow IGMP'
set firewall name WAN_IN rule 6 log disable
set firewall name WAN_IN rule 6 protocol igmp
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description 'Allow IPTV Multicast UDP'
set firewall name WAN_LOCAL rule 5 destination address 239.0.0.0/8
set firewall name WAN_LOCAL rule 5 log disable
set firewall name WAN_LOCAL rule 5 protocol udp
set firewall name WAN_LOCAL rule 5 source address 192.168.10.0/24
set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description 'Allow IGMP'
set firewall name WAN_LOCAL rule 6 log disable
set firewall name WAN_LOCAL rule 6 protocol igmp
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 vif 4 description TV
set interfaces ethernet eth0 vif 4 mtu 1500
set interfaces ethernet eth0 vif 10 address 192.168.10.1/24
set interfaces ethernet eth0 vif 10 description Clients
set interfaces ethernet eth0 vif 40 address 192.168.40.1/24
set interfaces ethernet eth0 vif 40 description Server/Iot
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth1 description Local
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 address 192.168.2.1/24
set interfaces ethernet eth2 description 'Local 2'
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 mac 'xx:xx:xx:xx:xx:xx'
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth3 vif 100 description ALTIBOX_CONFIG
set interfaces ethernet eth3 vif 100 mtu 1500
set interfaces ethernet eth3 vif 101 address dhcp
set interfaces ethernet eth3 vif 101 description TV_WAN
set interfaces ethernet eth3 vif 101 dhcp-options default-route no-update
set interfaces ethernet eth3 vif 101 dhcp-options default-route-distance 210
set interfaces ethernet eth3 vif 101 dhcp-options name-server update
set interfaces ethernet eth3 vif 102 address dhcp
set interfaces ethernet eth3 vif 102 description WAN
set interfaces ethernet eth3 vif 102 firewall in name WAN_IN
set interfaces ethernet eth3 vif 102 firewall local name WAN_LOCAL
set interfaces loopback lo
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward lan-interface eth0
set port-forward wan-interface eth3
set protocols igmp-proxy interface eth0.10 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth0.10 role downstream
set protocols igmp-proxy interface eth0.10 threshold 1
set protocols igmp-proxy interface eth3.101 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth3.101 role upstream
set protocols igmp-proxy interface eth3.101 threshold 1
set protocols static
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set service dns forwarding listen-on eth2
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth3.102
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set service unms disable
set system host-name ubnt
set system login user admin level admin
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat disable
set system offload ipsec enable
set system offload ipv4 forwarding enable
set system offload ipv4 gre enable
set system offload ipv4 vlan enable
set system static-host-mapping host-name www.longva.com inet 192.168.40.10
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone UTC