Created
May 30, 2020 23:08
-
-
Save mtrimarchi/0fa97a676cbff5fd4818ea86a6c6e00d to your computer and use it in GitHub Desktop.
Revisions
-
mtrimarchi created this gist
May 30, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,23 @@ # 6to4.rsc # Notes # We cannot use variables here, somehow the router rejects them. /interface 6to4 # The first value to replace here is your WAN IPv4 address (the one you get when you type "my ip" in google search # The second value is the one called "IPv4 Relay" in the calculator. add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit local-address=<WAN_IP_HERE> mtu=1480 name=6rd remote-address=<IPV4_RELAY_ADDRESS_HERE> # "IPv6 6RD Adress" /ipv6 pool add name=ip6 prefix=<IPV6_6RD_ADDRESS_HERE_MINE_ENDS_IN_/60> prefix-length=64 /ipv6 address # "Prefix 6RD"/"Mask 6RD" # i.e # Prefix 6RD: AAAA::BBBB::CCCC:: # Mask 6RD: DD # Would give something like: AAAA::BBBB::CCCC::/DD add address=<PREFIX_HERE/MASK_HERE> advertise=no disabled=no eui-64=no from-pool="" interface=6rd no-dad=no add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ip6 interface=bridge no-dad=no /ipv6 route add disabled=no distance=1 dst-address=2000::/3 gateway=6rd scope=30 target-scope=10 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,13 @@ # firewall6.rsc /ipv6 firewall filter # WARNING: This will wipe your entire ipv4 firewall. Remove this line if you wish to keep # your existing rules, but your script will need adjustments. remove [ find where dynamic=no ] add action=accept chain=input comment="accept established connections" connection-state=established,related add action=accept chain=input comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6 add action=accept chain=input comment="accept DHCP6 messages" dst-port=546 protocol=udp src-address=fe80::/64 add action=drop chain=input comment="drop remaining incoming from WAN" in-interface=ether1 add action=accept chain=forward comment="accept established connections" connection-state=established,related add action=accept chain=forward comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6 add action=drop chain=forward comment="drop invalid connections" connection-state=invalid add action=drop chain=forward comment="drop remaining incoming from WAN" in-interface=ether1 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,8 @@ # ip6ra.rsc /ipv6 nd set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes \ disabled=no hop-limit=unspecified interface=all \ managed-address-configuration=no mtu=unspecified \ other-configuration=yes ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \ reachable-time=unspecified retransmit-interval=unspecified /ipv6 nd prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d