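# TODO: Replace <<LAN_INTERFACE>> with the internal bridge or LAN interface, and <<<PPPOE_DIGI_INTERFACE>>> with the pppoe-digi interface.
# Note: the firewall rules below match on in-interface-list / out-interface-list, which take the name of an interface list (/interface list), not a bare interface name.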
/ipv6 nd
set [ find default=yes ] disabled=yes
add advertise-dns=yes interface=<<LAN_INTERFACE>>
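/ipv6 dhcp-client
# The script runs on DHCPv6 lease changes: wait 5s, remove the previously advertised address, then assign ::1/64 from the delegated pool to the LAN side.
add add-default-route=yes interface=<<<PPPOE_DIGI_INTERFACE>>> pool-name=pool6 request=address,prefix script=":delay 5s;\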
\n/ipv6 address remove [find advertise=yes]\
\n/ipv6 address add interface=bridge-lan address=::1/64 from-pool=pool6 advertise=yes" use-peer-dns=no
/ipv6 firewall filter
add action=drop chain=input comment="Drop (invalid)" connection-state=invalid
add action=accept chain=input comment="Accept (established, related)" connection-state=established,related
add action=accept chain=input comment="Accept DHCP (10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> limit=10,20:packet protocol=udp src-port=547
add action=drop chain=input comment="Drop DHCP (>10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> protocol=udp src-port=547
add action=accept chain=input comment="Accept external ICMP (10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> limit=10,20:packet protocol=icmpv6
add action=drop chain=input comment="Drop external ICMP (>10/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> protocol=icmpv6
add action=accept chain=input comment="Accept internal ICMP" in-interface-list=!<<<PPPOE_DIGI_INTERFACE>>> protocol=icmpv6
add action=drop chain=input comment="Drop external" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>>
add action=reject chain=input comment="Reject everything else"
add action=accept chain=output comment="Accept all"
add action=drop chain=forward comment="Drop (invalid)" connection-state=invalid
add action=accept chain=forward comment="Accept (established, related)" connection-state=established,related
add action=accept chain=forward comment="Accept external ICMP (20/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> limit=20,50:packet protocol=icmpv6
add action=drop chain=forward comment="Drop external ICMP (>20/sec)" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>> protocol=icmpv6
add action=accept chain=forward comment="Accept internal" in-interface-list=!<<<PPPOE_DIGI_INTERFACE>>>
add action=accept chain=forward comment="Accept outgoing" out-interface-list=<<<PPPOE_DIGI_INTERFACE>>>
add action=drop chain=forward comment="Drop external" in-interface-list=<<<PPPOE_DIGI_INTERFACE>>>
add action=reject chain=forward comment="Reject everything else"

@Thayol commented Dec 21, 2020

There is an error on line 11: interface=bridge-lan should be interface=<<LAN_INTERFACE>>. With that fixed, it works like a charm!
