Skip to content

Instantly share code, notes, and snippets.

@coldcue
Last active January 6, 2023 19:08
Embed
What would you like to do?
///// TODO : Replace <<LAN_INTERFACE>> with internal bridge or lan interface, replace <<<PPPOE_DIGI_INTERFACE>>> with the pppoe-digi interface
/ipv6 nd
set [ find default=yes ] disabled=yes
add advertise-dns=yes interface=<<LAN_INTERFACE>>
/ipv6 dhcp-client
add add-default-route=yes interface=<<<PPPOE_DIGI_INTERFACE>>> pool-name=pool6 request=address,prefix script=":del\
ay 5s;\
\n/ipv6 address remove [find advertise=yes]\
\n/ipv6 address add interface=<<LAN_INTERFACE>> address=::1/64 from-pool=pool6 advertise=yes" use-peer-dns=no
/ipv6 firewall filter
add action=drop chain=input comment="Drop (invalid)" connection-state=invalid
add action=accept chain=input comment="Accept (established, related)" connection-state=established,related
add action=accept chain=input comment="Accept DHCP (10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> limit=10,20:packet protocol=udp src-port=547
add action=drop chain=input comment="Drop DHCP (>10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> protocol=udp src-port=547
add action=accept chain=input comment="Accept external ICMP (10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> limit=10,20:packet protocol=icmpv6
add action=drop chain=input comment="Drop external ICMP (>10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> protocol=icmpv6
add action=accept chain=input comment="Accept internal ICMP" in-interface-list=!<<<PPPOE_DIGI_INTERFACE>>> protocol=icmpv6
add action=drop chain=input comment="Drop external" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>>
add action=reject chain=input comment="Reject everything else"
add action=accept chain=output comment="Accept all"
add action=drop chain=forward comment="Drop (invalid)" connection-state=invalid
add action=accept chain=forward comment="Accept (established, related)" connection-state=established,related
add action=accept chain=forward comment="Accept external ICMP (20/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> limit=20,50:packet protocol=icmpv6
add action=drop chain=forward comment="Drop external ICMP (>20/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> protocol=icmpv6
add action=accept chain=forward comment="Accept internal" in-interface-list=!<<<PPPOE_DIGI_INTERFACE>>>
add action=accept chain=forward comment="Accept outgoing" out-interface-list=<<<PPPOE_DIGI_INTERFACE>>>
add action=drop chain=forward comment="Drop external" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>>
add action=reject chain=forward comment="Reject everything else"
@thayol
Copy link

thayol commented Dec 21, 2020

There is an error on line 11: interface=bridge-lan should be interface=<<LAN_INTERFACE>>. With that fixed, it works like a charm!

@iosifnicolae2
Copy link

iosifnicolae2 commented Sep 15, 2022

In my case, ipv6 dhcp-client is stuck in searching mode.. and pool6 is not created..
EDIT. Fixed it by triggering a pppoe interface restart by re-applying the PPPOE settings

@iosifnicolae2
Copy link

Also, on RouterOS v7.5 I had to replace in-interface-list with in-interface and out-interface-list with out-interface

@coldcue
Copy link
Author

coldcue commented Sep 15, 2022

There is an error on line 11: interface=bridge-lan should be interface=<<LAN_INTERFACE>>. With that fixed, it works like a charm!

Thanks, fixed

@kretzu77
Copy link

kretzu77 commented Jan 6, 2023

tried this, but no luck. Stuck in "Searching"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment