Centos7 router config firewalld/networkmanager

net.sh

#!/bin/bash
connection="System eth0"
ip4="192.168.168"
ip6="fd00:168:168"
1_interfaces () {
hostnamectl set-hostname router
nmcli c mod "$connection" ipv4.addresses $ip4.1/24
nmcli c mod "$connection" ipv4.method manual
nmcli c mod "$connection" ipv6.addresses $ip6::1/64
nmcli c mod "$connection" ipv6.method manual
nmcli c mod "$connection" connection.zone internal
nmcli c up  "$connection"
}
2_routing () {
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -p
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
}
3_firewall () {
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --zone=internal --add-service=dns --permanent
firewall-cmd --zone=internal --add-service=dhcp --permanent
firewall-cmd --zone=internal --add-service=dhcpv6 --permanent
firewall-cmd --zone=internal --add-source=${ip4}.0/24 --permanent
firewall-cmd --zone=internal --add-source=${ip6}::/64 --permanent
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload
}
4_dhcp-dns () {
yum -y install dnsmasq*
echo "dhcp-range=$ip4.50,$ip4.150,255.255.255.0,12h" > /etc/dnsmasq.d/eth0.conf
echo "dhcp-option=3,$ip4.1" >> /etc/dnsmasq.d/eth0.conf
echo "dhcp-range=$ip6::2,$ip6::500,slaac" >> /etc/dnsmasq.d/eth0.conf
systemctl enable dnsmasq
systemctl start dnsmasq
}

1_interfaces
2_routing
3_firewall
4_dhcp-dns