Created
July 31, 2017 07:58
Revisions
-
clyang created this gist
Jul 31, 2017 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,75 @@ configure edit firewall edit ipv6-name WAN6_IN set default-action drop set rule 10 action accept set rule 10 description "Allow established/related" set rule 10 state established enable set rule 10 state related enable set rule 20 action drop set rule 20 description "Drop invalid state" set rule 20 state invalid enable set rule 30 action accept set rule 30 description "Allow ICMPv6" set rule 30 log disable set rule 30 protocol icmpv6 up edit ipv6-name WAN6_LOCAL set default-action drop set rule 10 action accept set rule 10 description "Allow established/related" set rule 10 state established enable set rule 10 state related enable set rule 20 action drop set rule 20 description "Drop invalid state" set rule 20 state invalid enable set rule 30 action accept set rule 30 description "Allow ICMPv6" set rule 30 log disable set rule 30 protocol icmpv6 set rule 40 action accept set rule 40 description "Allow DHCPv6" set rule 40 destination port 546 set rule 40 protocol udp set rule 40 source port 547 up set all-ping enable set broadcast-ping disable set ipv6-receive-redirects disable set ipv6-src-route disable set ip-src-route disable set log-martians enable set receive-redirects disable set send-redirects enable set source-validation disable set syn-cookies enable top commit save exit configure set system host-name UBNT-Gateway set system offload hwnat enable delete system time-zone set system time-zone Asia/Taipei set interfaces ethernet eth4 pppoe 0 dhcpv6-pd prefix-only set interfaces ethernet eth4 pppoe 0 ipv6 enable set interfaces switch switch0 ipv6 address autoconf set interfaces switch switch0 ipv6 router-advert set protocols static interface-route6 ::/0 next-hop-interface pppoe0 set interfaces switch switch0 ipv6 router-advert prefix ::/64 set interfaces ethernet eth4 pppoe 0 firewall in ipv6-name WAN6_IN set interfaces ethernet eth4 pppoe 0 firewall local ipv6-name WAN6_LOCAL set service upnp2 wan pppoe0 set service upnp2 listen-on switch0 set service upnp2 nat-pmp enable set service upnp2 secure-mode disable commit save exit