Orangian/ipv6exportros Secret

## ipv6exportros
/ipv6 address
add address=::1 advertise=yes from-pool=general interface=ether1
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=general request=prefix use-peer-dns=no
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=ff02::/16 comment=multicast list=allowed
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=drop chain=input comment="Drop (invalid)" connection-state=invalid
add action=accept chain=input comment="Accept (established, related)" connection-state=established,related
add action=accept chain=input comment="Accept DHCP (10/sec)" in-interface=ether1 limit=10,20:packet protocol=udp src-port=547
add action=drop chain=input comment="Drop DHCP (>10/sec)" in-interface=ether1 protocol=udp src-port=547
add action=accept chain=input comment="Accept external ICMP (10/sec)" in-interface=ether1 limit=10,20:packet protocol=icmpv6
add action=drop chain=input comment="Drop external ICMP (>10/sec)" in-interface=ether1 protocol=icmpv6
add action=accept chain=input comment="Accept internal ICMP" in-interface=!ether1 protocol=icmpv6
add action=drop chain=input comment="Drop external" in-interface=ether1
add action=reject chain=input comment="Reject everything else"
add action=accept chain=output comment="Accept all"
add action=drop chain=forward comment="Drop (invalid)" connection-state=invalid
add action=accept chain=forward comment="Accept (established, related)" connection-state=established,related
add action=accept chain=forward comment="Accept external ICMP (20/sec)" in-interface=ether1 limit=20,50:packet protocol=icmpv6
add action=drop chain=forward comment="Drop external ICMP (>20/sec)" in-interface=ether1 protocol=icmpv6
add action=accept chain=forward comment="Accept internal" in-interface=!ether1
add action=accept chain=forward comment="Accept outgoing" out-interface=ether1
add action=drop chain=forward comment="Drop external" in-interface=ether1
add action=reject chain=forward comment="Reject everything else"
/ipv6 nd
set [ find default=yes ] disabled=yes
add interface=local ra-interval=20s-1m
	/ipv6 address
	add address=::1 advertise=yes from-pool=general interface=ether1
	/ipv6 dhcp-client
	add add-default-route=yes interface=ether1 pool-name=general request=prefix use-peer-dns=no
	/ipv6 firewall address-list
	add address=fe80::/16 list=allowed
	add address=ff02::/16 comment=multicast list=allowed
	add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
	add address=::1/128 comment="defconf: lo" list=bad_ipv6
	add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
	add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
	add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
	add address=100::/64 comment="defconf: discard only " list=bad_ipv6
	add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
	add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
	add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
	add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
	add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
	add address=::/104 comment="defconf: other" list=bad_ipv6
	add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
	/ipv6 firewall filter
	add action=drop chain=input comment="Drop (invalid)" connection-state=invalid
	add action=accept chain=input comment="Accept (established, related)" connection-state=established,related
	add action=accept chain=input comment="Accept DHCP (10/sec)" in-interface=ether1 limit=10,20:packet protocol=udp src-port=547
	add action=drop chain=input comment="Drop DHCP (>10/sec)" in-interface=ether1 protocol=udp src-port=547
	add action=accept chain=input comment="Accept external ICMP (10/sec)" in-interface=ether1 limit=10,20:packet protocol=icmpv6
	add action=drop chain=input comment="Drop external ICMP (>10/sec)" in-interface=ether1 protocol=icmpv6
	add action=accept chain=input comment="Accept internal ICMP" in-interface=!ether1 protocol=icmpv6
	add action=drop chain=input comment="Drop external" in-interface=ether1
	add action=reject chain=input comment="Reject everything else"
	add action=accept chain=output comment="Accept all"
	add action=drop chain=forward comment="Drop (invalid)" connection-state=invalid
	add action=accept chain=forward comment="Accept (established, related)" connection-state=established,related
	add action=accept chain=forward comment="Accept external ICMP (20/sec)" in-interface=ether1 limit=20,50:packet protocol=icmpv6
	add action=drop chain=forward comment="Drop external ICMP (>20/sec)" in-interface=ether1 protocol=icmpv6
	add action=accept chain=forward comment="Accept internal" in-interface=!ether1
	add action=accept chain=forward comment="Accept outgoing" out-interface=ether1
	add action=drop chain=forward comment="Drop external" in-interface=ether1
	add action=reject chain=forward comment="Reject everything else"
	/ipv6 nd
	set [ find default=yes ] disabled=yes
	add interface=local ra-interval=20s-1m