dillonhafer/erx.sh

## erx.sh
# Taken from https://medium.com/@nurblieh/ipv6-on-the-edgerouter-lite-c95e3cc8d49d
# just a copy in case that goes away someday

# eth1 is my WAN
# switch0 is my LAN

configure

# Firewall Rule 1/2
edit firewall ipv6-name WAN6_IN
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top

# Firewall Rule 2/2
edit firewall ipv6-name WAN6_LOCAL
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
set rule 40 action accept
set rule 40 description "allow DHCPv6 client/server"
set rule 40 destination port 546
set rule 40 source port 547
set rule 40 protocol udp
top

# Attach the policies to WAN interface (eth1)
set interfaces ethernet eth1 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth1 firewall local ipv6-name WAN6_LOCAL

# Start the show 😉
edit interfaces ethernet eth1
set dhcpv6-pd pd 0 prefix-length /64
set dhcpv6-pd pd 0 interface switch0 host-address ::1
set dhcpv6-pd pd 0 interface switch0 prefix-id :0
set dhcpv6-pd pd 0 interface switch0 service slaac
top

commit ; save
	# Taken from https://medium.com/@nurblieh/ipv6-on-the-edgerouter-lite-c95e3cc8d49d
	# just a copy in case that goes away someday

	# eth1 is my WAN
	# switch0 is my LAN

	configure

	# Firewall Rule 1/2
	edit firewall ipv6-name WAN6_IN
	set default-action drop
	set rule 10 action accept
	set rule 10 description "allow established"
	set rule 10 protocol all
	set rule 10 state established enable
	set rule 10 state related enable
	set rule 20 action drop
	set rule 20 description "drop invalid packets"
	set rule 20 protocol all
	set rule 20 state invalid enable
	set rule 30 action accept
	set rule 30 description "allow ICMPv6"
	set rule 30 protocol icmpv6
	top

	# Firewall Rule 2/2
	edit firewall ipv6-name WAN6_LOCAL
	set default-action drop
	set rule 10 action accept
	set rule 10 description "allow established"
	set rule 10 protocol all
	set rule 10 state established enable
	set rule 10 state related enable
	set rule 20 action drop
	set rule 20 description "drop invalid packets"
	set rule 20 protocol all
	set rule 20 state invalid enable
	set rule 30 action accept
	set rule 30 description "allow ICMPv6"
	set rule 30 protocol icmpv6
	set rule 40 action accept
	set rule 40 description "allow DHCPv6 client/server"
	set rule 40 destination port 546
	set rule 40 source port 547
	set rule 40 protocol udp
	top

	# Attach the policies to WAN interface (eth1)
	set interfaces ethernet eth1 firewall in ipv6-name WAN6_IN
	set interfaces ethernet eth1 firewall local ipv6-name WAN6_LOCAL

	# Start the show 😉
	edit interfaces ethernet eth1
	set dhcpv6-pd pd 0 prefix-length /64
	set dhcpv6-pd pd 0 interface switch0 host-address ::1
	set dhcpv6-pd pd 0 interface switch0 prefix-id :0
	set dhcpv6-pd pd 0 interface switch0 service slaac
	top

	commit ; save