12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 |
- #!/usr/bin/lua
- local uci = require('simple-uci').cursor()
- local sysctl = require 'gluon.sysctl'
- local sysconfig = require 'gluon.sysconfig'
- uci:section('network', 'interface', 'wan',
- {
- ifname = sysconfig.wan_ifname,
- type = 'bridge',
- igmp_snooping = true,
- multicast_querier = false,
- peerdns = false,
- auto = true,
- }
- )
- if not uci:get('network', 'wan', 'proto') then
- uci:set('network', 'wan', 'proto', 'dhcp')
- end
- uci:section('network', 'interface', 'wan6',
- {
- ifname = 'br-wan',
- peerdns = false,
- ip6table = 1,
- sourcefilter = false,
- }
- )
- if not uci:get('network', 'wan6', 'proto') then
- uci:set('network', 'wan6', 'proto', 'dhcpv6')
- end
- uci:section('network', 'rule6', 'wan6_lookup',
- {
- mark = '0x01/0x01',
- lookup = 1,
- }
- )
- uci:section('network', 'route6', 'wan6_unreachable',
- {
- type = 'unreachable',
- interface = 'loopback',
- target = '::/0',
- gateway = '::',
- table = 1,
- metric = 65535,
- }
- )
- uci:save('network')
- uci:section('firewall', 'rule', 'wan_igmp',
- {
- name = 'Allow-IGMP',
- src = 'wan',
- proto = 'igmp',
- family = 'ipv4',
- target = 'ACCEPT',
- }
- )
- uci:section('firewall', 'rule', 'wan_mld',
- {
- name = 'Allow-MLD',
- src = 'wan',
- proto = 'icmp',
- src_ip = 'fe80::/10',
- icmp_type = { '130/0', '131/0', '132/0', '143/0', },
- family = 'ipv6',
- target = 'ACCEPT',
- }
- )
- uci:save('firewall')
- sysctl.set('net.ipv6.conf.all.accept_ra', 0)
- sysctl.set('net.ipv6.conf.default.accept_ra', 0)
|