mtrimarchi · July 28, 2023 12:32
diff --git a/ipv6.rsc b/ipv6.rsc
 /interface 6to4 
 add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit local-address=2.230.192.193 mtu=1480 name=6rd remote-address=81.208.50.214

 /ipv6 pool 
 add name=ip6 prefix=2001:b07:2e6:c0c1:: prefix-length=64

 /ipv6 address
 add address=2001:b07::/32 advertise=no disabled=no eui-64=no from-pool="" interface=6rd no-dad=no
 add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ip6 interface=bridge no-dad=yes

 /ipv6 route
 add disabled=no distance=1 dst-address=2000::/3 gateway=6rd scope=30 target-scope=10

 # Network Discovery
 /ipv6 nd
 set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes                               \
                         disabled=no hop-limit=unspecified interface=all                           \
                         managed-address-configuration=no mtu=unspecified                          \
                         other-configuration=yes ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
                         reachable-time=unspecified retransmit-interval=unspecified

 /ipv6 nd 
 prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d

 # filter input chain
 /ipv6 firewall filter
 add action=accept chain=input comment="accept established connections" connection-state=established,related
 add action=accept chain=input comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6
 add action=drop chain=input comment="drop remaining incoming from WAN" in-interface=ether1

 # filter forward chain
 /ipv6 firewall filter
 add action=accept chain=forward comment="accept established connections" connection-state=established,related
 add action=accept chain=forward comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6
 add action=drop chain=forward comment="drop invalid connections" connection-state=invalid

 /ipv6 settings
 set accept-redirects=yes-if-forwarding-disabled \
    accept-router-advertisements=yes-if-forwarding-disabled \
    forward=yes \
    max-neighbor-entries=8192
	/interface 6to4
	add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit local-address=2.230.192.193 mtu=1480 name=6rd remote-address=81.208.50.214

	/ipv6 pool
	add name=ip6 prefix=2001:b07:2e6:c0c1:: prefix-length=64

	/ipv6 address
	add address=2001:b07::/32 advertise=no disabled=no eui-64=no from-pool="" interface=6rd no-dad=no
	add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ip6 interface=bridge no-dad=yes

	/ipv6 route
	add disabled=no distance=1 dst-address=2000::/3 gateway=6rd scope=30 target-scope=10

	# Network Discovery
	/ipv6 nd
	set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes \
	disabled=no hop-limit=unspecified interface=all \
	managed-address-configuration=no mtu=unspecified \
	other-configuration=yes ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
	reachable-time=unspecified retransmit-interval=unspecified

	/ipv6 nd
	prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d

	# filter input chain
	/ipv6 firewall filter
	add action=accept chain=input comment="accept established connections" connection-state=established,related
	add action=accept chain=input comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6
	add action=drop chain=input comment="drop remaining incoming from WAN" in-interface=ether1

	# filter forward chain
	/ipv6 firewall filter
	add action=accept chain=forward comment="accept established connections" connection-state=established,related
	add action=accept chain=forward comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6
	add action=drop chain=forward comment="drop invalid connections" connection-state=invalid

	/ipv6 settings
	set accept-redirects=yes-if-forwarding-disabled \
	accept-router-advertisements=yes-if-forwarding-disabled \
	forward=yes \
	max-neighbor-entries=8192