mgrotke/linuxrouter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linuxrouter/routlin/config.json
Matthew Grotke 8eec61a1df Development
2026-06-01 22:12:11 -04:00

842 lines
20 KiB
JSON
Raw Blame History

{
"network_interfaces": {
"wan_interface": "eno2",
"lan_interface": "enp6s0"
},
"upstream_dns": {
"strict_order": false,
"cache_size": 10000,
"upstream_servers": [
"1.1.1.1",
"1.0.0.1",
"2606:4700:4700::1111",
"2606:4700:4700::1001"
]
},
"banned_ips": [
{
"description": "Example: single IPv4 ban",
"enabled": false,
"ip": "94.130.52.18"
},
{
"description": "Example: ban IPv4 /24 by wildcard",
"enabled": false,
"ip": "94.130.52.*"
},
{
"description": "Example: ban IPv4 /16 by wildcard",
"enabled": false,
"ip": "94.130.*.*"
},
{
"description": "Example: ban IPv4 CIDR",
"enabled": false,
"ip": "94.130.0.0/16"
},
{
"description": "Example: ban IPv4 range in one quartet",
"enabled": false,
"ip": "94.130.52.1-20"
},
{
"description": "Example: ban IPv4 range and wildcard",
"enabled": false,
"ip": "94.130-133.52.*"
},
{
"description": "Example: single IPv6 ban",
"enabled": false,
"ip": "2a01:4f8:c17:b0f::2"
},
{
"description": "Example: ban IPv6 /48 by wildcard",
"enabled": false,
"ip": "2a01:4f8:c17:*"
},
{
"description": "Example: ban IPv6 CIDR",
"enabled": false,
"ip": "2a01:4f8::/32"
}
],
"host_overrides": [
{
"description": "LAN DNS override for home server DDNS hostname",
"enabled": true,
"host": "myhome.ddns.net",
"ip": "192.168.1.20"
}
],
"inter_vlan_exceptions": [
{
"description": "IoT TV -> Plex",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.10.3",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 32400,
"dest_port_end": 32400
},
{
"description": "IoT Streaming Box -> Plex",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.10.4",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 32400,
"dest_port_end": 32400
},
{
"description": "Kids -> Plex",
"enabled": true,
"protocol": "both",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 32400,
"dest_port_end": 32400
},
{
"description": "Kids -> SMB",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 445,
"dest_port_end": 445
},
{
"description": "Kids -> Game Server",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 25565,
"dest_port_end": 25565
},
{
"description": "Kids -> Web Server HTTP",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 80,
"dest_port_end": 80
},
{
"description": "Kids -> Web Server HTTPS",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 443,
"dest_port_end": 443
},
{
"description": "Trusted -> Printer (RAW)",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.1.0/24",
"dst_ip_or_subnet": "192.168.10.2",
"dest_port_start": 9100,
"dest_port_end": 9100
},
{
"description": "Trusted -> Printer (IPP)",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.1.0/24",
"dst_ip_or_subnet": "192.168.10.2",
"dest_port_start": 631,
"dest_port_end": 631
},
{
"description": "Kids -> Printer (RAW)",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.10.2",
"dest_port_start": 9100,
"dest_port_end": 9100
},
{
"description": "Kids -> Printer (IPP)",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.10.2",
"dest_port_start": 631,
"dest_port_end": 631
},
{
"description": "Guest -> Printer (RAW)",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.20.0/24",
"dst_ip_or_subnet": "192.168.10.2",
"dest_port_start": 9100,
"dest_port_end": 9100
},
{
"description": "Guest -> Printer (IPP)",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.20.0/24",
"dst_ip_or_subnet": "192.168.10.2",
"dest_port_start": 631,
"dest_port_end": 631
},
{
"description": "VPN -> SSH + Rsync",
"enabled": true,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.40.0/24",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 22,
"dest_port_end": 22
},
{
"description": "VPN -> SMB",
"enabled": false,
"protocol": "tcp",
"src_ip_or_subnet": "192.168.40.0/24",
"dst_ip_or_subnet": "192.168.1.20",
"dest_port_start": 445,
"dest_port_end": 445
},
{
"description": "Trusted -> Kids (LAN Gaming)",
"enabled": false,
"protocol": "both",
"src_ip_or_subnet": "192.168.1.0/24",
"dst_ip_or_subnet": "192.168.30.0/24"
},
{
"description": "Parent PC -> Kids (LAN Gaming)",
"enabled": false,
"protocol": "both",
"src_ip_or_subnet": "192.168.1.50",
"dst_ip_or_subnet": "192.168.30.0/24"
},
{
"description": "Kids -> Parent PC (LAN Gaming)",
"enabled": false,
"protocol": "both",
"src_ip_or_subnet": "192.168.30.0/24",
"dst_ip_or_subnet": "192.168.1.50"
}
],
"port_forwarding": [
{
"description": "WireGuard VPN",
"enabled": true,
"protocol": "udp",
"dest_port": 51820,
"nat_ip": "192.168.1.20",
"nat_port": 51820
},
{
"description": "Plex Server",
"enabled": true,
"protocol": "both",
"dest_port": 32400,
"nat_ip": "192.168.1.20",
"nat_port": 32400
},
{
"description": "Web Server HTTP",
"enabled": true,
"protocol": "tcp",
"dest_port": 80,
"nat_ip": "192.168.1.20",
"nat_port": 80
},
{
"description": "Web Server HTTPS",
"enabled": true,
"protocol": "tcp",
"dest_port": 443,
"nat_ip": "192.168.1.20",
"nat_port": 443
},
{
"description": "Game Server",
"enabled": true,
"protocol": "tcp",
"dest_port": 25565,
"nat_ip": "192.168.1.20",
"nat_port": 25565
},
{
"description": "SSH",
"enabled": false,
"protocol": "tcp",
"dest_port": 22,
"nat_ip": "192.168.1.20",
"nat_port": 22
}
],
"vlans": [
{
"vlan_id": 1,
"name": "trusted",
"subnet": "192.168.1.0",
"subnet_mask": 24,
"is_vpn": false,
"dnsmasq_log_queries": false,
"radius_default": false,
"mdns_reflection": false,
"use_blocklists": [
"oisd-big",
"hagezi-light"
],
"server_identities": [
{
"description": "Router/Gateway",
"ip": "192.168.1.1"
},
{
"description": "Home Server",
"ip": "192.168.1.20",
"hostname": "homeserver"
},
{
"description": "UniFi Controller Inform Host",
"ip": "192.168.1.10",
"hostname": "unifi-controller"
}
],
"dhcp_information": {
"dynamic_pool_start": "192.168.1.100",
"dynamic_pool_end": "192.168.1.245",
"lease_time": "24h",
"domain": "lan",
"explicit_overrides": {
"gateway": "",
"dns_servers": "",
"ntp_servers": ""
}
}
},
{
"vlan_id": 10,
"name": "iot",
"subnet": "192.168.10.0",
"subnet_mask": 24,
"is_vpn": false,
"dnsmasq_log_queries": false,
"radius_default": false,
"mdns_reflection": true,
"use_blocklists": [
"oisd-big",
"hagezi-light"
],
"server_identities": [
{
"description": "Router/Gateway",
"ip": "192.168.10.1"
}
],
"dhcp_information": {
"dynamic_pool_start": "192.168.10.100",
"dynamic_pool_end": "192.168.10.245",
"lease_time": "24h",
"domain": "lan",
"explicit_overrides": {
"gateway": "",
"dns_servers": "",
"ntp_servers": ""
}
}
},
{
"vlan_id": 20,
"name": "guest",
"subnet": "192.168.20.0",
"subnet_mask": 24,
"is_vpn": false,
"dnsmasq_log_queries": false,
"radius_default": true,
"mdns_reflection": true,
"use_blocklists": [
"oisd-big",
"hagezi-light"
],
"server_identities": [
{
"description": "Router/Gateway",
"ip": "192.168.20.1"
}
],
"dhcp_information": {
"dynamic_pool_start": "192.168.20.100",
"dynamic_pool_end": "192.168.20.245",
"lease_time": "4h",
"domain": "lan",
"explicit_overrides": {
"gateway": "",
"dns_servers": "",
"ntp_servers": ""
}
}
},
{
"vlan_id": 30,
"name": "kids",
"subnet": "192.168.30.0",
"subnet_mask": 24,
"is_vpn": false,
"dnsmasq_log_queries": false,
"radius_default": false,
"mdns_reflection": true,
"use_blocklists": [
"oisd-big",
"hagezi-light",
"hagezi-pro-plus"
],
"server_identities": [
{
"description": "Router/Gateway",
"ip": "192.168.30.1"
}
],
"dhcp_information": {
"dynamic_pool_start": "192.168.30.100",
"dynamic_pool_end": "192.168.30.245",
"lease_time": "24h",
"domain": "lan",
"explicit_overrides": {
"gateway": "",
"dns_servers": "",
"ntp_servers": ""
}
}
},
{
"vlan_id": 40,
"name": "vpn",
"subnet": "192.168.40.0",
"subnet_mask": 24,
"is_vpn": true,
"dnsmasq_log_queries": false,
"radius_default": false,
"mdns_reflection": false,
"use_blocklists": [
"oisd-big",
"hagezi-light"
],
"server_identities": [
{
"description": "Router/Gateway",
"ip": "192.168.40.1"
}
],
"vpn_information": {
"listen_port": 51820,
"server_endpoint": "",
"domain": "lan",
"explicit_overrides": {
"gateway": "",
"dns_servers": "",
"mtu": ""
}
},
"peers": []
}
],
"ddns": {
"general": {
"log_max_kb": 1024,
"log_errors_only": false,
"timer_interval": "10m"
},
"providers": [
{
"description": "No-IP Account",
"provider": "noip",
"enabled": true,
"username": "your-username",
"password": "your-password",
"hostnames": [
"yoursubdomain.ddns.net",
"yourothersubdomain.ddns.net"
]
},
{
"description": "Cloudflare Account",
"provider": "cloudflare",
"enabled": true,
"api_token": "your-cloudflare-api-token",
"hostnames": [
"yourdomain.com",
"yoursubdomain.yourdomain.com",
"yourothersubdomain.yourdomain.com"
]
},
{
"description": "DuckDNS Account",
"provider": "duckdns",
"enabled": false,
"api_token": "your-duckdns-api-token",
"hostnames": [
"yoursubdomain.duckdns.org",
"yourothersubdomain.duckdns.org"
]
}
],
"ip_check_services": [
{
"type": "http",
"url": "https://api.ipify.org"
},
{
"type": "http",
"url": "https://ifconfig.me/ip"
},
{
"type": "http",
"url": "https://icanhazip.com"
},
{
"type": "http",
"url": "https://api4.my-ip.io/ip"
},
{
"type": "http",
"url": "https://ipv4.icanhazip.com"
},
{
"type": "http",
"url": "https://checkip.amazonaws.com"
},
{
"type": "http",
"url": "https://1.1.1.1/cdn-cgi/trace"
},
{
"type": "http",
"url": "https://ipinfo.io/ip"
},
{
"type": "http",
"url": "https://ipecho.net/plain"
},
{
"type": "http",
"url": "https://ident.me"
},
{
"type": "http",
"url": "https://myip.dnsomatic.com"
},
{
"type": "http",
"url": "https://wtfismyip.com/text"
},
{
"type": "dig",
"url": "@1.1.1.1 ch txt whoami.cloudflare"
},
{
"type": "dig",
"url": "whoami.akamai.net @ns1-1.akamaitech.net"
},
{
"type": "dig",
"url": "-4 TXT o-o.myaddr.l.google.com @ns1.google.com"
},
{
"type": "dig",
"url": "-4 @ns3.cloudflare.com whoami.cloudflare.com txt"
}
]
},
"dns_blocking": {
"general": {
"log_max_kb": 1024,
"log_errors_only": false,
"daily_execute_time_24hr_local": "02:30"
},
"blocklists": [
{
"name": "oisd-big",
"description": "OISD Big (ads, phishing, malware, telemetry)",
"save_as": "oisd-big.conf",
"url": "https://big.oisd.nl/dnsmasq2",
"format": "dnsmasq"
},
{
"name": "hagezi-light",
"description": "Hagezi Light (ads, tracking, metrics, badware)",
"save_as": "hagezi-light.conf",
"url": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/light.txt",
"format": "dnsmasq"
},
{
"name": "hagezi-pro-plus",
"description": "Hagezi Pro Plus (ads, tracking, porn, gambling)",
"save_as": "hagezi-pro-plus.conf",
"url": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/pro.plus.txt",
"format": "dnsmasq"
}
]
},
"dhcp_reservations": [
{
"enabled": true,
"description": "UniFi Switch",
"hostname": "unifi-switch",
"mac": "aa:bb:cc:dd:ee:01",
"ip": "192.168.1.2",
"radius_client": true,
"vlan": "trusted"
},
{
"enabled": true,
"description": "UniFi AP (Kitchen)",
"hostname": "unifi-ap-kitchen",
"mac": "aa:bb:cc:dd:ee:02",
"ip": "192.168.1.3",
"radius_client": true,
"vlan": "trusted"
},
{
"enabled": true,
"description": "UniFi AP (Lounge)",
"hostname": "unifi-ap-lounge",
"mac": "aa:bb:cc:dd:ee:03",
"ip": "192.168.1.4",
"radius_client": true,
"vlan": "trusted"
},
{
"enabled": true,
"description": "UniFi AP (Upstairs)",
"hostname": "unifi-ap-upstairs",
"mac": "aa:bb:cc:dd:ee:04",
"ip": "192.168.1.5",
"radius_client": true,
"vlan": "trusted"
},
{
"enabled": true,
"description": "Home Server",
"hostname": "homeserver",
"mac": "aa:bb:cc:dd:ee:05",
"ip": "192.168.1.20",
"vlan": "trusted"
},
{
"enabled": true,
"description": "Desktop PC",
"hostname": "desktop-pc",
"mac": "aa:bb:cc:dd:ee:06",
"ip": "192.168.1.50",
"vlan": "trusted"
},
{
"enabled": true,
"description": "Network Printer",
"hostname": "printer",
"mac": "aa:bb:cc:dd:ee:10",
"ip": "192.168.10.2",
"vlan": "iot"
},
{
"enabled": true,
"description": "Smart TV",
"hostname": "smart-tv",
"mac": "aa:bb:cc:dd:ee:11",
"ip": "192.168.10.3",
"vlan": "iot"
},
{
"enabled": true,
"description": "Streaming Box (Eth)",
"hostname": "streaming-box-eth",
"mac": "aa:bb:cc:dd:ee:12",
"ip": "192.168.10.4",
"vlan": "iot"
},
{
"enabled": true,
"description": "Streaming Box (Wifi)",
"hostname": "streaming-box-wifi",
"mac": "aa:bb:cc:dd:ee:13",
"ip": "192.168.10.4",
"vlan": "iot"
},
{
"enabled": true,
"description": "Raspberry Pi",
"hostname": "rpi",
"mac": "aa:bb:cc:dd:ee:14",
"ip": "192.168.10.12",
"vlan": "iot"
},
{
"enabled": true,
"description": "NAS",
"hostname": "nas",
"mac": "aa:bb:cc:dd:ee:15",
"ip": "192.168.10.14",
"vlan": "iot"
},
{
"enabled": true,
"description": "Doorbell Camera",
"hostname": "doorbell-camera",
"mac": "aa:bb:cc:dd:ee:16",
"ip": "dynamic",
"vlan": "iot"
},
{
"enabled": true,
"description": "Smart Speaker",
"hostname": "smart-speaker",
"mac": "aa:bb:cc:dd:ee:17",
"ip": "dynamic",
"vlan": "iot"
},
{
"enabled": true,
"description": "Family Member Phone 1",
"hostname": "phone-1",
"mac": "aa:bb:cc:dd:ee:20",
"ip": "dynamic",
"vlan": "guest"
},
{
"enabled": true,
"description": "Family Member Phone 2",
"hostname": "phone-2",
"mac": "aa:bb:cc:dd:ee:21",
"ip": "dynamic",
"vlan": "guest"
},
{
"enabled": true,
"description": "Child 1 Laptop",
"hostname": "child1-laptop",
"mac": "aa:bb:cc:dd:ee:30",
"ip": "dynamic",
"vlan": "kids"
},
{
"enabled": true,
"description": "Child 2 Laptop",
"hostname": "child2-laptop",
"mac": "aa:bb:cc:dd:ee:31",
"ip": "dynamic",
"vlan": "kids"
},
{
"enabled": true,
"description": "Child 3 Laptop",
"hostname": "child3-laptop",
"mac": "aa:bb:cc:dd:ee:32",
"ip": "dynamic",
"vlan": "kids"
},
{
"enabled": true,
"description": "Child Tablet",
"hostname": "child-tablet",
"mac": "aa:bb:cc:dd:ee:33",
"ip": "dynamic",
"vlan": "kids"
}
],
"port_wrangling": [
{
"description": "DNS wrangling - redirect Trusted DNS to local resolver",
"enabled": true,
"protocol": "both",
"dest_port": 53,
"redirect_to": "192.168.1.1",
"vlan": "trusted"
},
{
"description": "NTP wrangling - redirect Trusted NTP to local time server",
"enabled": false,
"protocol": "udp",
"dest_port": 123,
"redirect_to": "192.168.1.1",
"vlan": "trusted"
},
{
"description": "DNS wrangling - redirect IoT DNS to local resolver",
"enabled": true,
"protocol": "both",
"dest_port": 53,
"redirect_to": "192.168.10.1",
"vlan": "iot"
},
{
"description": "NTP wrangling - redirect IoT NTP to local time server",
"enabled": false,
"protocol": "udp",
"dest_port": 123,
"redirect_to": "192.168.10.1",
"vlan": "iot"
},
{
"description": "DNS wrangling - redirect Guest DNS to local resolver",
"enabled": true,
"protocol": "both",
"dest_port": 53,
"redirect_to": "192.168.20.1",
"vlan": "guest"
},
{
"description": "NTP wrangling - redirect Guest NTP to local time server",
"enabled": false,
"protocol": "udp",
"dest_port": 123,
"redirect_to": "192.168.20.1",
"vlan": "guest"
},
{
"description": "DNS wrangling - redirect Kids DNS to local resolver",
"enabled": true,
"protocol": "both",
"dest_port": 53,
"redirect_to": "192.168.30.1",
"vlan": "kids"
},
{
"description": "NTP wrangling - redirect Kids NTP to local time server",
"enabled": false,
"protocol": "udp",
"dest_port": 123,
"redirect_to": "192.168.30.1",
"vlan": "kids"
},
{
"description": "DNS wrangling - redirect VPN DNS to local resolver",
"enabled": true,
"protocol": "both",
"dest_port": 53,
"redirect_to": "192.168.40.1",
"vlan": "vpn"
},
{
"description": "NTP wrangling - redirect VPN NTP to local time server",
"enabled": false,
"protocol": "udp",
"dest_port": 123,
"redirect_to": "192.168.40.1",
"vlan": "vpn"
}
],
"radius": {
"general": {
"logging": false,
"log_max_kb": 1024
},
"options": {
"mac_format": "aabbccddeeff",
"apply_to": "all"
}
}
}
Reference in a new issue View git blame Copy permalink