firewall { group { interface-group GUEST { interface "br1.17" interface "br1.20" } port-group HTTP { description "HTTP Standard Ports" port "80" port "443" } port-group MAIL { description "MAIL standard ports" port "25" port "110" port "143" port "465" port "587" port "993" port "995" } } ipv4 { forward { filter { default-action "accept" rule 5 { action "jump" inbound-interface { name "pppoe0" } jump-target "MAIN-IN-v4" } rule 50 { action "jump" inbound-interface { group "GUEST" } jump-target "GUEST-OUT-v4" } rule 51 { action "jump" jump-target "GUEST-IN-v4" outbound-interface { group "GUEST" } } rule 100 { action "jump" jump-target "MAIN-OUT-v4" outbound-interface { name "pppoe0" } } } } input { filter { default-action "accept" rule 5 { action "jump" inbound-interface { name "pppoe0" } jump-target "MAIN-LOCAL-v4" } } } name GUEST-IN-v4 { default-action "reject" rule 1 { action "accept" description "Allow related and established" state "established" state "related" } rule 101 { action "accept" description "Allow ping" icmp { type "8" } protocol "icmp" } } name GUEST-OUT-v4 { default-action "reject" default-log rule 100 { action "accept" description "Allow DNS-Access" destination { port "53" } protocol "tcp_udp" } rule 300 { action "accept" description "Forbid Local Traffic" outbound-interface { name "pppoe0" } } rule 301 { action "accept" description "Allow Traefik Access" destination { address "10.35.0.201" } protocol "tcp_udp" } } name MAIN-IN-v4 { default-action "reject" description "Filtering of incoming Gateway traffic" rule 1 { action "accept" description "Allow related and established" state "established" state "related" } rule 100 { action "accept" description "Allow ping" icmp { type "8" } protocol "icmp" } rule 300 { action "accept" description "Allow https" destination { group { port-group "HTTP" } } protocol "tcp" } rule 301 { action "accept" description "Allow Mail" destination { group { port-group "MAIL" } } protocol "tcp" } rule 302 { action "accept" description "Allow SSH for git" destination { port "2222" } protocol "tcp" } rule 303 { action "accept" description "Minecraft Server" destination { port "25565-25570" } log protocol "tcp" } rule 304 { action "accept" description "Matrix Federation" destination { port "8448" } log protocol "tcp" } rule 305 { action "accept" description "ark" destination { address "10.38.0.41" port "7777" } log protocol "udp" } } name MAIN-LOCAL-v4 { default-action "reject" description "Filtering of traffic for this host" rule 1 { action "accept" description "Allow related and established" state "established" state "related" } rule 100 { action "accept" description "Allow SSH" destination { port "22" } protocol "tcp_udp" } rule 101 { action "accept" description "Allow ping" icmp { type "8" } protocol "icmp" } rule 300 { action "accept" description "allow wireguard" destination { port "2224" } protocol "udp" } } name MAIN-OUT-v4 { default-action "accept" description "Filtering of outgoing Gateway traffic" rule 200 { action "drop" log source { mac-address "50:8b:b9:bb:5a:df" } } } } ipv6 { forward { filter { default-action "accept" rule 5 { action "jump" inbound-interface { name "pppoe0" } jump-target "MAIN-IN-v6" } rule 50 { action "jump" inbound-interface { group "GUEST" } jump-target "GUEST-OUT-v6" } rule 51 { action "jump" jump-target "GUEST-IN-v6" outbound-interface { group "GUEST" } } rule 100 { action "jump" jump-target "MAIN-OUT-v6" outbound-interface { name "pppoe0" } } } } input { filter { default-action "accept" rule 5 { action "jump" inbound-interface { name "pppoe0" } jump-target "MAIN-LOCAL-v6" } } } name GUEST-IN-v6 { default-action "reject" rule 1 { action "accept" description "Allow related and established" state "established" state "related" } rule 101 { action "accept" description "Allow icmpv6" protocol "icmpv6" } rule 102 { action "accept" description "Allow outgoing link-local" source { address "fe80::/10" } } rule 103 { action "accept" description "Allow outgoing multicast" destination { address "ff00::/8" } } rule 104 { action "accept" description "Allow outgoing multicast" destination { address "ff00::/8" } } } name GUEST-OUT-v6 { default-action "reject" default-log rule 100 { action "accept" description "Allow DNS-Access" destination { port "53" } outbound-interface { name "pppoe0" } protocol "tcp_udp" } rule 101 { action "accept" description "Enable DNS Access" destination { address "fd74:af:0:30::53" } protocol "tcp_udp" } rule 300 { action "accept" description "Forbid Local Traffic" outbound-interface { name "pppoe0" } } rule 301 { action "accept" description "Allow Traefik Access" destination { address "fd74:af:0:35::201" } protocol "tcp_udp" } } name MAIN-IN-v6 { default-action "reject" description "Filtering of incoming Gateway traffic" rule 1 { action "accept" description "Allow related and established" state "established" state "related" } rule 100 { action "accept" description "Allow ping" icmpv6 { type "8" } } rule 101 { action "accept" description "Allow http" destination { group { port-group "HTTP" } } protocol "tcp_udp" } rule 102 { action "accept" description "Allow icmp" protocol "icmpv6" } rule 103 { action "accept" description "Allow outgoing link-local" source { address "fe80::/10" } } rule 104 { action "accept" description "Allow outgoing multicast" destination { address "ff00::/8" } } rule 301 { action "accept" description "Allow Mail" destination { group { port-group "MAIL" } } protocol "tcp" } rule 302 { action "accept" description "Allow SSH for git" destination { port "2222" } protocol "tcp" } rule 303 { action "accept" description "Minecraft Server" destination { port "25565-25570" } log protocol "tcp" } rule 304 { action "accept" description "Matrix Federation" destination { port "8448" } log protocol "tcp" } } name MAIN-LOCAL-v6 { default-action "reject" description "Filtering of traffic for this host" rule 1 { action "accept" description "Allow related and established" state "established" state "related" } rule 100 { action "accept" description "Allow SSH" destination { port "22" } protocol "tcp_udp" } rule 101 { action "accept" description "Allow icmpv6" protocol "icmpv6" } rule 102 { action "accept" description "Allow outgoing link-local" source { address "fe80::/10" } } rule 103 { action "accept" description "Allow outgoing multicast" destination { address "ff00::/8" } } } name MAIN-OUT-v6 { default-action "accept" description "Filtering of outgoing Gateway traffic" rule 200 { action "drop" log source { mac-address "50:8b:b9:bb:5a:df" } } } } } interfaces { bridge br1 { description "LAN" enable-vlan member { interface eth1 { allowed-vlan "35" native-vlan "35" } interface eth2 { allowed-vlan "35" allowed-vlan "15" allowed-vlan "16" allowed-vlan "31" allowed-vlan "38" allowed-vlan "50" native-vlan "35" } interface eth3 { allowed-vlan "35" allowed-vlan "15" allowed-vlan "16" allowed-vlan "17" allowed-vlan "20" allowed-vlan "31" allowed-vlan "38" allowed-vlan "50" allowed-vlan "39" native-vlan "35" } } vif 15 { address "10.15.0.1/24" address "fd74:af:0:15::1/64" description "wlan_mgmt" } vif 16 { address "10.16.0.1/24" description "wlan_client" } vif 17 { address "10.17.0.1/24" description "wlan_guest" } vif 20 { address "10.20.0.1/24" description "guest" } vif 31 { address "10.31.0.1/24" description "workstations" } vif 35 { address "10.35.0.1/24" address "fd74:af:0:35::1/64" description "server" } vif 38 { address "10.38.0.1/24" address "fd74:af:0:38::1/64" description "dmz" } vif 39 { address "10.39.0.1/24" address "fd74:af:0:39::1/64" description "kit" } vif 50 { address "10.50.0.1/24" address "fd74:af:0:50::1/64" description "iot" } } dummy dum1 { address "10.10.0.1/32" address "fd74:af:0:10::1/128" } ethernet eth0 { description "2.5G-1 - WAN" hw-id "64:62:66:2f:3b:ae" offload { gro gso sg tso } } ethernet eth1 { description "2.5G-2" hw-id "64:62:66:2f:3b:af" offload { gro gso sg tso } } ethernet eth2 { description "2.5G-3" hw-id "64:62:66:2f:3b:b0" offload { gro gso sg tso } } ethernet eth3 { description "2.5G-4" hw-id "64:62:66:2f:3b:b1" offload { gro gso sg tso } } loopback lo { } pppoe pppoe0 { authentication { password "26571316" username "551013112907" } dhcpv6-options { pd 0 { interface br1.16 { address "1" sla-id "16" } interface br1.17 { address "1" sla-id "17" } interface br1.31 { address "1" sla-id "31" } interface br1.35 { address "1" sla-id "35" } interface br1.38 { address "1" sla-id "38" } interface br1.39 { address "1" sla-id "39" } length "56" } } ip { adjust-mss "1452" } ipv6 { address { autoconf } adjust-mss "1452" } source-interface "eth0" } wireguard wg1 { address "fd74:af:0:401::1/64" address "10.40.1.1/24" peer jenny-handy { allowed-ips "10.40.1.12/32" allowed-ips "fd74:af:0:401::12/128" persistent-keepalive "30" public-key "sYUoQrXxFVp2rZRGunzeRqXk2NjvLm67taBOu+6Z9Vk=" } peer oberon { allowed-ips "10.40.1.11/32" allowed-ips "fd74:af:0:401::11/128" persistent-keepalive "30" public-key "jYnEKBfCNHf3Q9pA34ZJnUeZwbsF1Zv5AwFOfhNepw8=" } peer oma { allowed-ips "10.40.1.13/32" allowed-ips "fd74:af:0:401::13/128" persistent-keepalive "30" public-key "luCTIvLZuy8zAezOBT1Na9acK35wK9u8x2EMwJxifxk=" } peer s23-FE { allowed-ips "10.40.1.10/32" allowed-ips "fd74:af:0:401::10/128" persistent-keepalive "30" public-key "jOsFAM8H2WhO3gao3gSkIq8IyvAFsmnKl99/SfCZFV0=" } port "2224" private-key "GMNxomUWZPGQv60+AK0Z6ZEK54RrtwI/lgarcqSTkmM=" } } nat { destination { rule 1 { destination { port "80,443,2222,8448" } inbound-interface { name "pppoe0" } protocol "tcp" translation { address "10.35.0.201" } } rule 2 { destination { port "25,110,143,465,857,993,995,587" } inbound-interface { name "pppoe0" } protocol "tcp" translation { address "10.35.0.111" } } rule 3 { description "minecraft" destination { port "25565-25570" } inbound-interface { name "pppoe0" } protocol "tcp" translation { address "10.38.0.10" } } rule 4 { description "ark" destination { port "7777" } inbound-interface { name "br1.31" } protocol "udp" translation { address "10.38.0.41" } } rule 5 { description "ark" destination { port "7777" } inbound-interface { name "pppoe0" } protocol "udp" translation { address "10.38.0.41" } } } source { rule 1 { outbound-interface { name "pppoe0" } source { address "10.0.0.0/8" } translation { address "masquerade" } } } } nat66 { destination { rule 1 { destination { port "80,443,2222,8448" } inbound-interface { name "pppoe0" } protocol "tcp" translation { address "fd74:af:0:35::201" } } rule 2 { destination { port "25,110,143,465,857,993,995,587" } inbound-interface { name "pppoe0" } protocol "tcp" translation { address "fd74:af:0:35::111" } } rule 3 { description "minecraft" destination { port "25565-25570" } inbound-interface { name "pppoe0" } protocol "tcp" translation { address "fd74:af:0:38::10" } } } source { rule 1 { outbound-interface { name "pppoe0" } source { prefix "fd74:af::/56" } translation { address "masquerade" } } } } protocols { static { route 10.10.64.2/32 { next-hop 10.35.0.105 { } } route 10.30.0.53/32 { next-hop 10.35.0.210 { } } route6 64:ff9b::/96 { next-hop fd74:af:0:35::105 { } } route6 fd74:af:0:30::53/128 { next-hop fd74:af:0:35::210 { } } } } service { broadcast-relay { id 1 { interface "br1.31" interface "br1.16" port "24727" } } dhcp-server { hostfile-update shared-network-name games { authoritative option { name-server "10.30.0.53" name-server "10.10.0.1" } subnet 10.38.0.0/24 { option { default-router "10.38.0.1" } range 1 { start "10.38.0.2" stop "10.38.0.254" } static-mapping factorio { ip-address "10.38.0.11" mac "1E:84:D7:00:62:D1" } static-mapping minecraft { ip-address "10.38.0.10" mac "EA:CB:21:4D:87:5A" } subnet-id "1" } } shared-network-name guest { authoritative option { ipv6-only-preferred "86400" name-server "10.30.0.53" name-server "10.10.0.1" } subnet 10.20.0.0/24 { option { default-router "10.20.0.1" } range 1 { start "10.20.0.2" stop "10.20.0.254" } subnet-id "2" } } shared-network-name iot { authoritative option { name-server "10.30.0.53" name-server "10.10.0.1" ntp-server "10.10.0.1" } subnet 10.50.0.0/24 { option { default-router "10.50.0.1" } range 1 { start "10.50.0.2" stop "10.50.0.254" } static-mapping ag-wohnzimmer { ip-address "10.50.0.4" mac "40:4c:ca:67:0f:ec" } static-mapping kueche { ip-address "10.50.0.6" mac "c8:c9:a3:70:12:34" } static-mapping schlafzimmer { ip-address "10.50.0.7" mac "c8:c9:a3:70:1a:64" } static-mapping shelly-3dp { ip-address "10.50.0.19" mac "90:70:69:45:51:C0" } static-mapping shelly-desktop { ip-address "10.50.0.2" mac "34:94:54:8f:fe:a8" } static-mapping shelly-server { ip-address "10.50.0.3" mac "34:94:54:8f:8a:3c" } static-mapping shelly-tv { ip-address "10.50.0.8" mac "08:3A:8D:F4:39:9E" } static-mapping terasse { ip-address "10.50.0.5" mac "c8:c9:a3:70:19:df" } subnet-id "3" } } shared-network-name kit { authoritative option { name-server "10.30.0.53" } subnet 10.39.0.0/24 { option { default-router "10.39.0.1" } range 1 { start "10.39.0.10" stop "10.39.0.250" } subnet-id "39" } } shared-network-name server { authoritative option { name-server "10.30.0.53" name-server "10.10.0.1" ntp-server "10.10.0.1" } subnet 10.35.0.0/24 { option { default-router "10.35.0.1" } range 1 { start "10.35.0.2" stop "10.35.0.254" } static-mapping atlas { ip-address "10.35.0.3" mac "26:5d:59:65:6c:30" } static-mapping automation { ip-address "10.35.0.107" mac "02:A2:DA:98:97:5C" } static-mapping backup { ip-address "10.35.0.155" mac "9E:F2:32:EA:53:8D" } static-mapping bitwarden { ip-address "10.35.0.152" mac "2E:85:FB:30:0F:81" } static-mapping calendar { ip-address "10.35.0.157" mac "9A:59:DC:93:6C:6A" } static-mapping ci { ip-address "10.35.0.109" mac "1E:19:A2:E9:71:73" } static-mapping cloud { ip-address "10.35.0.104" mac "96:16:94:EE:5C:97" } static-mapping dns { ip-address "10.35.0.160" mac "12:14:C0:AF:94:7B" } static-mapping docker { ip-address "10.35.0.101" mac "bc:24:11:80:17:e6" } static-mapping documents { ip-address "10.35.0.102" mac "9A:59:AC:E0:25:A5" } static-mapping entry { ip-address "10.35.0.110" mac "D6:AB:3D:41:B1:F2" } static-mapping equinox { ip-address "10.35.0.2" mac "74:56:3c:55:e9:d7" } static-mapping finance { ip-address "10.35.0.158" mac "76:69:81:6F:67:1D" } static-mapping gauss { ip-address "10.35.0.8" mac "48:a9:8a:cc:c1:4b" } static-mapping grafana { ip-address "10.35.0.153" mac "6A:6D:C0:A8:0C:A4" } static-mapping ittools { ip-address "10.35.0.159" mac "7E:F0:F5:C3:5C:45" } static-mapping lounge { ip-address "10.35.0.150" mac "56:3E:C5:EE:EE:5E" } static-mapping mail { ip-address "10.35.0.111" mac "BC:24:11:EE:23:C2" } static-mapping matrix { ip-address "10.35.0.108" mac "02:84:E0:99:0F:2C" } static-mapping media { ip-address "10.35.0.106" mac "4A:87:40:F3:8F:F2" } static-mapping monitor { ip-address "10.35.0.100" mac "0A:73:14:54:C2:E2" } static-mapping nova { disable ip-address "10.35.0.7" mac "48:a9:8a:cc:c1:4b" } static-mapping printer { ip-address "10.35.0.15" mac "30:05:5c:17:26:f3" } static-mapping projects { ip-address "10.35.0.156" mac "A2:38:B8:7B:83:8E" } static-mapping sensors { ip-address "10.35.0.10" mac "70:b3:d5:50:91:bd" } static-mapping speedtest { ip-address "10.35.0.154" mac "86:00:BC:4A:1B:30" } static-mapping traefik { ip-address "10.35.0.151" mac "62:80:2D:4E:1A:C8" } static-mapping trinity { ip-address "10.35.0.4" mac "00:11:32:86:93:49" } static-mapping ultrastar { ip-address "10.35.0.103" mac "8A:77:95:29:0E:D0" } static-mapping voip { ip-address "10.35.0.113" mac "86:F5:5B:BA:CB:74" } subnet-id "4" } } shared-network-name wlan_client { authoritative option { domain-name "home" ipv6-only-preferred "86400" name-server "10.30.0.53" name-server "10.10.0.1" ntp-server "10.10.0.1" } subnet 10.16.0.0/24 { option { default-router "10.16.0.1" } range 1 { start "10.16.0.2" stop "10.16.0.254" } static-mapping wax615 { ip-address "10.16.0.2" mac "94:18:65:c2:ea:ff" } subnet-id "5" } } shared-network-name wlan_guest { authoritative option { ipv6-only-preferred "86400" name-server "10.30.0.53" name-server "10.10.0.1" } subnet 10.17.0.0/24 { option { default-router "10.17.0.1" } range 1 { start "10.17.0.2" stop "10.17.0.254" } subnet-id "6" } } shared-network-name wlan_mgmt { authoritative option { name-server "10.30.0.53" } subnet 10.15.0.0/24 { option { default-router "10.15.0.1" } range 1 { start "10.15.0.2" stop "10.15.0.254" } static-mapping gyre { ip-address "10.15.0.4" mac "A8:52:D4:91:FF:39" } static-mapping volt { ip-address "10.15.0.5" mac "00:a0:57:6c:4a:3e" } subnet-id "7" } } shared-network-name workstations { authoritative option { name-server "10.30.0.53" name-server "10.10.0.1" ntp-server "10.10.0.1" } subnet 10.31.0.0/24 { option { default-router "10.31.0.1" } range 1 { start "10.31.0.2" stop "10.31.0.254" } static-mapping oberon { ip-address "10.31.0.11" mac "30:24:a9:91:70:61" } static-mapping titania { ip-address "10.31.0.10" mac "d8:5e:d3:40:f9:5b" } subnet-id "8" } } } dns { dynamic { name service-lewellien-net-pppoe0 { address { interface "pppoe0" } host-name "gw.lewellien.net" ip-version "ipv4" password "q9tCHSBUGifWmb2DZV7rvLDrHsD5gxfL" protocol "dyndns2" server "dyndns.strato.com" username "lewellien.net" } name service-lewellien-net-v6-pppoe0 { address { interface "pppoe0" } host-name "gw.lewellien.net" ip-version "ipv6" password "q9tCHSBUGifWmb2DZV7rvLDrHsD5gxfL" protocol "dyndns2" server "dyndns.strato.com" username "lewellien.net" } name service-mail-lewellien-net-pppoe0 { address { interface "pppoe0" } host-name "mail.lewellien.net" ip-version "ipv4" password "q9tCHSBUGifWmb2DZV7rvLDrHsD5gxfL" protocol "dyndns2" server "dyndns.strato.com" username "lewellien.net" } name service-mail-lewellien-net-v6-pppoe0 { address { interface "pppoe0" } host-name "mail.lewellien.net" ip-version "ipv6" password "q9tCHSBUGifWmb2DZV7rvLDrHsD5gxfL" protocol "dyndns2" server "dyndns.strato.com" username "lewellien.net" } name service-matrix-lewellien-net-pppoe0 { address { interface "pppoe0" } host-name "matrix.lewellien.net" ip-version "ipv4" password "q9tCHSBUGifWmb2DZV7rvLDrHsD5gxfL" protocol "dyndns2" server "dyndns.strato.com" username "lewellien.net" } name service-matrix-lewellien-net-v6-pppoe0 { address { interface "pppoe0" } host-name "matrix.lewellien.net" ip-version "ipv6" password "q9tCHSBUGifWmb2DZV7rvLDrHsD5gxfL" protocol "dyndns2" server "dyndns.strato.com" username "lewellien.net" } } forwarding { allow-from "10.0.0.0/8" allow-from "fd74:af::/56" authoritative-domain lewellien.net { records { a any { address "10.35.0.201" } aaaa any { address "fd74:af:0:35::201" } } } listen-address "10.10.0.1" listen-address "fd74:af:0:10::1" zone-cache afinfra.de { options { refresh { interval "1800" } } source { axfr "fd74:af:0:30::53" } } } } lldp { interface eth0 { } interface eth1 { } interface eth2 { } management-address "10.10.0.1" management-address "fd74:af:0:10::1" } monitoring { prometheus { frr-exporter { listen-address "fd74:af:0:10::1" } node-exporter { listen-address "10.10.0.1" } } telegraf { prometheus-client { allow-from "fd74:af:0:35::/64" allow-from "10.35.0.0/24" listen-address "10.10.0.1" } } } ntp { allow-client { address "127.0.0.0/8" address "169.254.0.0/16" address "10.0.0.0/8" address "172.16.0.0/12" address "192.168.0.0/16" address "::1/128" address "fe80::/10" address "fc00::/7" address "0.0.0.0/0" address "::/0" } server ntp1.sda.t-online.de { } server ntp1.sul.t-online.de { } server time1.vyos.net { } server time2.vyos.net { } } router-advert { interface br1.15 { name-server "fd74:af:0:10::1" } interface br1.16 { link-mtu "1492" name-server "fd74:af:0:30::53" name-server "fd74:af:0:10::1" nat64prefix 64:ff9b::/96 { } prefix ::/64 { valid-lifetime "172800" } } interface br1.17 { link-mtu "1492" name-server "fd74:af:0:30::53" name-server "fd74:af:0:10::1" nat64prefix 64:ff9b::/96 { } prefix ::/64 { valid-lifetime "172800" } } interface br1.20 { link-mtu "1492" name-server "fd74:af:0:30::53" name-server "fd74:af:0:10::1" nat64prefix 64:ff9b::/96 { } prefix ::/64 { valid-lifetime "172800" } } interface br1.31 { link-mtu "1492" name-server "fd74:af:0:30::53" name-server "fd74:af:0:10::1" prefix ::/64 { valid-lifetime "172800" } } interface br1.35 { link-mtu "1492" name-server "fd74:af:0:30::53" name-server "fd74:af:0:10::1" prefix ::/64 { valid-lifetime "172800" } } interface br1.38 { name-server "fd74:af:0:10::1" } interface br1.39 { link-mtu "1492" name-server "fd74:af:0:30::53" prefix ::/64 { valid-lifetime "172800" } } interface br1.50 { name-server "fd74:af:0:10::1" } } ssh { listen-address "10.10.0.1" listen-address "fd74:af:0:10::1" } } system { config-management { commit-archive { location "git+https://vyos:uLLPLpARiKLe5ViFJm3dDUNA5m9wMMym@git.lewellien.net/lewellien/vyos-config.git" } commit-revisions "101" } console { device ttyS0 { speed "115200" } } host-name "router" login { user lewellien { authentication { public-keys lewellien@server { key "AAAAC3NzaC1lZDI1NTE5AAAAIIC2v6gFjGdq47jGeqoamDLdLVmvEYpQrIFEqZnmnaCb" type "ssh-ed25519" } } } user vyos { authentication { encrypted-password "$6$rounds=656000$DD0L1d4zCpPTFRm6$85IGUPK9OvLhF6f/N5BZR9ABOpBpLkVZCpTTLoWpRgBlLjZgn0iaEiPAk5O4M.g/wA58bx/VnfgZ2SYuJ7V/w0" plaintext-password "" } } } name-server "10.30.0.53" name-server "fd74:af:0:30::53" name-server "1.1.1.1" option { keyboard-layout "de" } syslog { local { facility all { level "info" } facility local7 { level "debug" } } } time-zone "Europe/Berlin" } // Warning: Do not remove the following line. // vyos-config-version: "bgp@6:broadcast-relay@1:cluster@2:config-management@1:conntrack@6:conntrack-sync@2:container@3:dhcp-relay@2:dhcp-server@11:dhcpv6-server@6:dns-dynamic@4:dns-forwarding@4:firewall@20:flow-accounting@3:https@7:ids@2:interfaces@34:ipoe-server@4:ipsec@14:isis@3:l2tp@9:lldp@3:mdns@1:monitoring@2:nat@8:nat66@3:nhrp@1:ntp@3:openconnect@3:openvpn@5:ospf@2:pim@1:policy@9:pppoe-server@11:pptp@5:qos@3:quagga@12:reverse-proxy@3:rip@1:rpki@2:salt@1:snmp@3:ssh@3:sstp@6:system@30:vpp@4:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@4:webproxy@2" // Release version: 2026.01.16-0022-rolling