Let's ignore the device manufacturer or the scripting and think...
What's the lowest common denominator between a v6 router (with ipv6 package installed and enabled) and a v7 with IPv6 enabled?
Guess what... they have at least one IPv6 address!!!
(on ether1 always a link-local fe80::/64 address is present...)
In v7, no matter what happens, the IPv6 part always exists,
so regardless of whether it is active or not, the firewall rules must be set,
also to prevent accidental activations or changes of mind of someone who gets up in the morning at MikroTik.
hmmm
I try to make universal def conf branding script for v6, which will work after upgrade to v7
but in v7 ipv6 is enabled by default
even after reset config to default
but from upgrade from v6 with ipv6 disabled, it stay disabled too
will think about branding def conf for v7
thank you
I'm with @rextended here. If you want IPv6 disabled, then just disable it at start of branding defconf - but leave the firewall.
But you're making things very hard on yourself by even trying to have some "universal" branding kit for both V6 and V7. There is a lot nuance in having scripting code work in both V6 and V7, like using complex parse and/or on-error's to handle missing syntax (like IPv6 package missing in V6)... and this means a lot testing for all the permeations. Basically I think it dangerous to be "too cleaver" in the defconf script since any failure means you cannot to do a "reset-to-defaults" thus netinstall locally be required (which if is at remote customer site, you're rolling a truck to fix some defconf error)
Without knowing your specifics, I'd have a branding kit file for each version. And plan your migration to V7 separately.
