Last active
July 28, 2023 12:32
-
-
Save mtrimarchi/c0381d694350ede974f00cea76f8781c to your computer and use it in GitHub Desktop.
Fastweb IPv6 Mikrotik RouterOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /interface 6to4 | |
| add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit local-address=2.230.192.193 mtu=1480 name=6rd remote-address=81.208.50.214 | |
| /ipv6 pool | |
| add name=ip6 prefix=2001:b07:2e6:c0c1:: prefix-length=64 | |
| /ipv6 address | |
| add address=2001:b07::/32 advertise=no disabled=no eui-64=no from-pool="" interface=6rd no-dad=no | |
| add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ip6 interface=bridge no-dad=yes | |
| /ipv6 route | |
| add disabled=no distance=1 dst-address=2000::/3 gateway=6rd scope=30 target-scope=10 | |
| # Network Discovery | |
| /ipv6 nd | |
| set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes \ | |
| disabled=no hop-limit=unspecified interface=all \ | |
| managed-address-configuration=no mtu=unspecified \ | |
| other-configuration=yes ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \ | |
| reachable-time=unspecified retransmit-interval=unspecified | |
| /ipv6 nd | |
| prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d | |
| # filter input chain | |
| /ipv6 firewall filter | |
| add action=accept chain=input comment="accept established connections" connection-state=established,related | |
| add action=accept chain=input comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6 | |
| add action=drop chain=input comment="drop remaining incoming from WAN" in-interface=ether1 | |
| # filter forward chain | |
| /ipv6 firewall filter | |
| add action=accept chain=forward comment="accept established connections" connection-state=established,related | |
| add action=accept chain=forward comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6 | |
| add action=drop chain=forward comment="drop invalid connections" connection-state=invalid | |
| /ipv6 settings | |
| set accept-redirects=yes-if-forwarding-disabled \ | |
| accept-router-advertisements=yes-if-forwarding-disabled \ | |
| forward=yes \ | |
| max-neighbor-entries=8192 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment