Hasaple

thisisacooldog

Dec 12th, 2016
  1. firewall {
  /* Router-wide ICMP echo settings. all-ping lets the router answer echo
     requests addressed to it; broadcast-ping is off, so it does not answer
     echo requests sent to a broadcast address (the usual amplification
     concern). NOTE(review): these appear to be the IPv4 knobs; ICMPv6 sent to
     the router is decided by WANv6_LOCAL rule 30 below - confirm. */
  2. all-ping enable
  3. broadcast-ping disable
  /* WANv6_IN: IPv6 ruleset bound to eth0 direction "in" (see the interface
     section of this paste), i.e. traffic arriving on the WAN port that is
     forwarded on to the LAN. Default-deny and purely stateful: only replies
     to flows already tracked are accepted, nothing unsolicited gets through.
     With a delegated prefix handed to eth1 via SLAAC the LAN hosts presumably
     hold globally routable addresses and there is no NAT in front of them, so
     this ruleset is the only inbound barrier for them. */
  4. ipv6-name WANv6_IN {
  5. default-action drop
  /* NOTE(review): unlike WANv6_LOCAL, this ruleset has no enable-default-log,
     so packets that fall through to the default drop leave no log record.
     Consider enabling it if visibility of inbound probes towards LAN hosts is
     wanted (expect volume on a busy link). */
  6. description "WAN inbound traffic forwarded to LAN"
  /* Rule 10: accept return traffic. "related" is what lets ICMPv6 errors
     tied to an existing flow (e.g. Packet Too Big) reach LAN hosts even
     though no explicit ipv6-icmp rule exists here - verify PMTU discovery
     works after any change to this rule. */
  7. rule 10 {
  8. action accept
  9. description "Allow established/releated sessions"
  10. state {
  11. established enable
  12. related enable
  13. }
  14. }
  /* Rule 20: packets the connection tracker classifies as invalid are
     dropped explicitly; the default action would drop them as well, so this
     rule mainly documents intent and keeps them out of any later accept rule
     that might be added. */
  15. rule 20 {
  16. action drop
  17. description "Drop invalid state"
  18. state {
  19. invalid enable
  20. }
  21. }
  22. }
  /* WANv6_LOCAL: IPv6 ruleset bound to eth0 direction "local" (see the
     interface section of this paste), i.e. traffic from the WAN addressed to
     the router itself. Default-deny with logging of the default drop. Beyond
     return traffic it opens exactly two things: ICMPv6 (rule 30) and DHCPv6
     client replies (rule 40). No management service is opened from the WAN. */
  23. ipv6-name WANv6_LOCAL {
  24. default-action drop
  25. description "WAN inbound traffic to the router"
  /* Packets reaching the default drop are logged; rules 10-40 themselves
     carry no log option, so accepted and rule-20-dropped packets are not. */
  26. enable-default-log
  27. rule 10 {
  28. action accept
  29. description "Allow established/related sessions"
  30. state {
  31. established enable
  32. related enable
  33. }
  34. }
  /* Rule 20 sits before the accept rules on purpose: invalid-state packets
     are dropped before rules 30 and 40 can match them. */
  35. rule 20 {
  36. action drop
  37. description "Drop invalid state"
  38. state {
  39. invalid enable
  40. }
  41. }
  /* Rule 30: accepts every ICMPv6 type and code from any source. IPv6 on the
     WAN link needs ICMPv6 (neighbor discovery, router advertisements, Packet
     Too Big), so blocking it outright would break connectivity.
     NOTE(review): this is broader than necessary - RFC 4890 lists which types
     a firewall should let through to a router; consider matching on specific
     types and rate-limiting echo requests rather than accepting the whole
     protocol. */
  42. rule 30 {
  43. action accept
  44. description "Allow IPv6 icmp"
  45. protocol ipv6-icmp
  46. }
  /* Rule 40: DHCPv6 replies to the router's client (UDP source port 547 ->
     destination port 546); required for the prefix delegation configured on
     eth0. NOTE(review): there is no source address match, so any host able to
     send from port 547 matches. DHCPv6 servers and relays normally answer
     from a link-local address, so restricting the source to fe80::/10 is a
     common tightening - confirm against the ISP's behaviour before applying. */
  47. rule 40 {
  48. action accept
  49. description "Allow DHCPv6"
  50. destination {
  51. port 546
  52. }
  53. protocol udp
  54. source {
  55. port 547
  56. }
  57. }
  58. }
  /* Global IPv6 hardening switches: the router does not act on ICMPv6
     redirect messages (which could otherwise be used to steer its traffic via
     another on-link host) and does not honour source-routed IPv6 packets.
     Both are left at "disable", the conservative setting. */
  59. ipv6-receive-redirects disable
  60. ipv6-src-route disable
  61. ### MORE FIREWALL RULES, BUT NOT FOR IPv6 ###
  62.  
  63. ### INTERFACE CONFIG STARTS HERE! ###
  64. interfaces {
  /* eth0 is the WAN port: IPv4 address via DHCP, IPv6 via DHCPv6 prefix
     delegation, and the four WAN rulesets attached at the bottom. */
  65. ethernet eth0 {
  66. address dhcp
  67. description Internet
  /* Prefix delegation: request prefix "pd 0" from the upstream and assign it
     to eth1. prefix-length 64 appears to be the size requested from the ISP,
     which leaves a single /64 (prefix-id :0) for eth1; the router takes ::1 in
     it and advertises the prefix to LAN clients via SLAAC. Those clients get
     globally routable addresses, so their inbound exposure is decided
     entirely by the WANv6_IN ruleset bound below. */
  68. dhcpv6-pd {
  69. pd 0 {
  70. interface eth1 {
  71. host-address ::1
  72. prefix-id :0
  73. service slaac
  74. }
  75. prefix-length 64
  76. }
  77. rapid-commit enable
  78. }
  79. duplex auto
  /* Ruleset bindings. IPv4 ("name") and IPv6 ("ipv6-name") rulesets are
     attached separately; an IPv4 ruleset does not filter IPv6, so both
     ipv6-name lines must stay in place once IPv6 is enabled on this port.
     "in" covers traffic forwarded through the router, "local" covers traffic
     addressed to the router. WAN_IN and WAN_LOCAL are not shown in this
     paste. No "out" ruleset is bound. */
  80. firewall {
  81. in {
  82. ipv6-name WANv6_IN
  83. name WAN_IN
  84. }
  85. local {
  86. ipv6-name WANv6_LOCAL
  87. name WAN_LOCAL
  88. }
  89. }
  90. speed auto
  91. }
  92. ### MORE INTERFACE CONFIG, BUT WE DON'T NEED TO SEE THAT ###