I ask for help on how to configure a single port on the routerboard both as a WAN and as a LAN.
I have an ONT connected via LAN to the routerboard, and from the routerboard I have 1 sfp cable that goes to a switch and from there the LAN.
the goal is:
connect the ONT to the switch.
From the switch put 1 cable to the sfp port of the routerboard.
The routerboard's sfp port manages both the LAN and WAN
Can you help me on how to do it, if it is possible?
Thank you.
Config:
Code: Select all
/container mounts
add dst=/opt/list name=list_pihole src=/usb1-part1/container_pihole/list
add dst=/etc/pihole name=etc_pihole src=/usb1-part1/container_pihole/etc
add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=\
/usb1-part1/container_pihole/dnsmasq
add dst=/etc/cron.d name=crono_pihole src=/usb1-part1/container_pihole/crono
/disk
set usb1 type=hardware
add parent=usb1 partition-number=1 partition-offset=512 partition-size=\
"500 107 861 504" type=partition
/interface bridge
add comment=Capsman name=BR-Capsman port-cost-mode=short priority=0x6000 \
vlan-filtering=yes
add name=BR-Dockers port-cost-mode=short
/interface veth
add address=192.168.55.55/25 gateway=192.168.55.1 gateway6="" name=veth1
/interface vlan
add comment=Casa interface=BR-Capsman mtu=1480 name=100-Casa vlan-id=100
add comment=Mamma interface=BR-Capsman mtu=1480 name=200-Mamma vlan-id=200
add comment=Guests interface=BR-Capsman mtu=1480 name=300-Guest vlan-id=300
add comment=Domus interface=BR-Capsman mtu=1480 name=400-Domus vlan-id=400
add comment=PiHole interface=BR-Dockers mtu=1480 name=900-PiHole vlan-id=900
add comment=WAN interface=ether1 mtu=1480 name=provider-vlan vlan-id=999
/interface pppoe-client
add add-default-route=yes disabled=no interface=provider-vlan name=\
provider-pppoe use-peer-dns=yes
/interface list
add name=WAN
add name=LAN
add name=TRUSTED
/interface wifi channel
add band=2ghz-g disabled=no frequency=2437 name=silent width=20/40mhz-Ce
add band=2ghz-g disabled=no name=guest
add band=5ghz-ax disabled=no frequency=5200 name=wlan5_ghz skip-dfs-channels=\
all width=20/40/80mhz
add band=2ghz-ax disabled=no frequency=2437 name=wlan2_channel6_main width=\
20/40mhz
add band=2ghz-ax disabled=no frequency=2412 name=wlan2_channel1
add band=2ghz-ax disabled=no frequency=2462 name=wlan2_channel11
/interface wifi datapath
add bridge=BR-Capsman disabled=no name=Wifi_Mamma vlan-id=200
add bridge=BR-Capsman disabled=no name=Wifi_Guest vlan-id=300
add bridge=BR-Capsman disabled=no name=Wifi_Casa vlan-id=100
add bridge=BR-Capsman disabled=no name=Wifi_Domus
/interface wifi security
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp name=home
add authentication-types=wpa2-psk disabled=no group-encryption=ccmp name=\
guest
add authentication-types=wpa2-psk disabled=no name=silent
add authentication-types=wpa2-psk disabled=no name=service
/interface wifi configuration
add antenna-gain=2 country=Italy datapath=Wifi_Guest disabled=yes name=guest \
security=guest ssid=Clochard
add country=Italy datapath=Wifi_Mamma disabled=no hide-ssid=yes mode=ap name=\
silent security=silent ssid=silent
add channel=wlan2_channel11 country=Italy datapath=Wifi_Domus disabled=no \
hide-ssid=no mode=ap name=studio_2ghz security=service ssid=\
LimitService2G
add channel=wlan2_channel1 country=Italy datapath=Wifi_Domus disabled=no \
hide-ssid=no mode=ap name=centro_2ghz security=service ssid=\
LimitService2G
add channel=wlan2_channel6_main country=Italy datapath=Wifi_Domus disabled=no \
hide-ssid=no mode=ap name=server_2ghz security=service ssid=\
LimitService2G
add channel=wlan2_channel11 country=Italy datapath=Wifi_Domus disabled=no \
hide-ssid=no mode=ap name=taverna_2ghz security=service ssid=\
LimitService2G
add channel=wlan2_channel1 country=Italy datapath=Wifi_Domus disabled=no \
hide-ssid=no mode=ap name=esterno_2ghz security=service ssid=\
LimitService2G
add antenna-gain=2 country=Italy datapath=Wifi_Casa disabled=no mode=ap name=\
home2G security=home ssid=HyperLimitless
add country=Italy datapath=Wifi_Domus disabled=no hide-ssid=no mode=ap name=\
service5G security=service ssid=LimitService5G
add channel=wlan5_ghz country=Italy datapath=Wifi_Casa disabled=no mode=ap \
name=home5G security=home ssid=HyperLimitless
/interface wifi
add configuration=service5G disabled=no name=wifi27 radio-mac=\
48:A9:8A:0E:03:51
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:03:51 \
master-interface=wifi27 name=wifi28
add configuration=service5G disabled=no name=wifi29 radio-mac=\
48:A9:8A:0E:09:5D
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:09:5D \
master-interface=wifi29 name=wifi30
add configuration=service5G disabled=no name=wifi31 radio-mac=\
48:A9:8A:BC:A5:24
add configuration=home5G disabled=no mac-address=4A:A9:8A:BC:A5:24 \
master-interface=wifi31 name=wifi32
add configuration=service5G disabled=no name=wifi33 radio-mac=\
48:A9:8A:0E:06:A8
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:06:A8 \
master-interface=wifi33 name=wifi34
add configuration=taverna_2ghz disabled=no name=wifi35 radio-mac=\
48:A9:8A:0E:06:48
# SSID not set
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:06:48 \
master-interface=wifi35 name=wifi36
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:06:49 \
master-interface=wifi35 name=wifi37
add configuration=esterno_2ghz disabled=no name=wifi38 radio-mac=\
48:A9:8A:0E:09:5E
add configuration=studio_2ghz disabled=no name=wifi39 radio-mac=\
48:A9:8A:0E:03:52
# SSID not set
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:09:5E \
master-interface=wifi38 name=wifi40
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:09:5F \
master-interface=wifi38 name=wifi41
# SSID not set
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:03:52 \
master-interface=wifi39 name=wifi42
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:03:53 \
master-interface=wifi39 name=wifi43
add configuration=centro_2ghz disabled=no name=wifi44 radio-mac=\
48:A9:8A:0E:06:A9
# SSID not set
add configuration=guest disabled=no mac-address=4A:A9:8A:0E:06:A9 \
master-interface=wifi44 name=wifi45
add configuration=home2G disabled=no mac-address=4A:A9:8A:0E:06:AA \
master-interface=wifi44 name=wifi46
add configuration=server_2ghz disabled=no name=wifi47 radio-mac=\
48:A9:8A:BC:A5:25
# SSID not set
add configuration=guest disabled=no mac-address=4A:A9:8A:BC:A5:25 \
master-interface=wifi47 name=wifi48
add configuration=home2G disabled=no mac-address=4A:A9:8A:BC:A5:26 \
master-interface=wifi47 name=wifi49
add configuration=silent disabled=no mac-address=4A:A9:8A:BC:A5:27 \
master-interface=wifi47 name=wifi50
add configuration=service5G disabled=no name=wifi51 radio-mac=\
48:A9:8A:0E:06:47
add configuration=home5G disabled=no mac-address=4A:A9:8A:0E:06:47 \
master-interface=wifi51 name=wifi52
/ip kid-control
add disabled=yes fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d \
thu=0s-1d tue=0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=\
0s-1d tur-thu=0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=MammaPool ranges=10.255.255.100-10.255.255.200
add name=GuestsPool ranges=172.16.0.2-172.16.15.254
add name=DomusPool ranges=192.168.240.100-192.168.240.200
add name=CasaPool ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add add-arp=yes address-pool=CasaPool interface=100-Casa lease-script="# When \
\"1\" all DNS entries with IP address of DHCP lease are removed\r\
\n:local dnsRemoveAllByIp \"1\"\r\
\n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
\n:local dnsRemoveAllByName \"1\"\r\
\n# When \"1\" addition and removal of DNS entries is always done also for\
\_non-FQDN hostname\r\
\n:local dnsAlwaysNonfqdn \"1\"\r\
\n# DNS domain to add after DHCP client hostname\r\
\n:local dnsDomain \"lan\"\r\
\n# DNS TTL to set for DNS entries\r\
\n:local dnsTtl \"00:15:00\"\r\
\n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
\_lease attribute, like \"host-name\" or \"comment\"\r\
\n:local leaseClientHostnameSource \"comment\"\r\
\n\r\
\n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
ostnameSource\"\r\
\n:local leaseClientHostname\r\
\n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
\n :set leaseClientHostname \$\"lease-hostname\"\r\
\n} else={\r\
\n :set leaseClientHostname ([:pick \\\r\
\n [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
\n 0]->\"\$leaseClientHostnameSource\")\r\
\n}\r\
\n:local leaseClientHostnameShort \"\$leaseClientHostname\"\r\
\n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
\n:if ([:len [\$dnsDomain]] > 0) do={\r\
\n :set leaseClientHostname \"\$leaseClientHostname.\$dnsDomain\"\r\
\n :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
\n :set leaseClientHostnames \"\$leaseClientHostname,\$leaseClientHostn\
ameShort\"\r\
\n }\r\
\n}\r\
\n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
\n /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
and address=\"\$leaseActIP\"]\r\
\n}\r\
\n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
\n :if (\$dnsRemoveAllByName = \"1\") do={\r\
\n /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
\" and name=\"\$h\"]\r\
\n }\r\
\n /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
\n :if (\$leaseBound = \"1\") do={\r\
\n :delay 1\r\
\n /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
\" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
\n }\r\
\n}" lease-time=1d name=Casa_dhcp
add add-arp=yes address-pool=MammaPool bootp-support=none interface=200-Mamma \
lease-time=1d name=Mamma_dchp relay=10.255.254.2 server-address=\
10.255.254.1
add add-arp=yes address-pool=GuestsPool interface=300-Guest lease-time=12h \
name=Guests_dhcp
add add-arp=yes address-pool=DomusPool interface=BR-Capsman lease-script="# Wh\
en \"1\" all DNS entries with IP address of DHCP lease are removed\r\
\n:local dnsRemoveAllByIp \"1\"\r\
\n# When \"1\" all DNS entries with hostname of DHCP lease are removed\r\
\n:local dnsRemoveAllByName \"1\"\r\
\n# When \"1\" addition and removal of DNS entries is always done also for\
\_non-FQDN hostname\r\
\n:local dnsAlwaysNonfqdn \"1\"\r\
\n# DNS domain to add after DHCP client hostname\r\
\n:local dnsDomain \"domus\"\r\
\n# DNS TTL to set for DNS entries\r\
\n:local dnsTtl \"00:15:00\"\r\
\n# Source of DHCP client hostname, can be \"lease-hostname\" or any other\
\_lease attribute, like \"host-name\" or \"comment\"\r\
\n:local leaseClientHostnameSource \"comment\"\r\
\n\r\
\n:local leaseComment \"dhcp-lease-script_\$leaseServerName_\$leaseClientH\
ostnameSource\"\r\
\n:local leaseClientHostname\r\
\n:if (\$leaseClientHostnameSource = \"lease-hostname\") do={\r\
\n :set leaseClientHostname \$\"lease-hostname\"\r\
\n} else={\r\
\n :set leaseClientHostname ([:pick \\\r\
\n [/ip dhcp-server lease print as-value where server=\"\$leaseServerNa\
me\" address=\"\$leaseActIP\" mac-address=\"\$leaseActMAC\"] \\\r\
\n 0]->\"\$leaseClientHostnameSource\")\r\
\n}\r\
\n:local leaseClientHostnameShort \"\$leaseClientHostname\"\r\
\n:local leaseClientHostnames \"\$leaseClientHostname\"\r\
\n:if ([:len [\$dnsDomain]] > 0) do={\r\
\n :set leaseClientHostname \"\$leaseClientHostname.\$dnsDomain\"\r\
\n :if (\$dnsAlwaysNonfqdn = \"1\") do={\r\
\n :set leaseClientHostnames \"\$leaseClientHostname,\$leaseClientHostn\
ameShort\"\r\
\n }\r\
\n}\r\
\n:if (\$dnsRemoveAllByIp = \"1\") do={\r\
\n /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
and address=\"\$leaseActIP\"]\r\
\n}\r\
\n:foreach h in=[:toarray value=\"\$leaseClientHostnames\"] do={\r\
\n :if (\$dnsRemoveAllByName = \"1\") do={\r\
\n /ip dns static remove [/ip dns static find comment=\"\$leaseComment\
\" and name=\"\$h\"]\r\
\n }\r\
\n /ip dns static remove [/ip dns static find comment=\"\$leaseComment\" \
and address=\"\$leaseActIP\" and name=\"\$h\"]\r\
\n :if (\$leaseBound = \"1\") do={\r\
\n :delay 1\r\
\n /ip dns static add comment=\"\$leaseComment\" address=\"\$leaseActIP\
\" name=\"\$h\" ttl=\"\$dnsTtl\"\r\
\n }\r\
\n}" lease-time=1w name=Domus_dhcp
/container
add envlist=pihole_envs interface=veth1 mounts=\
list_pihole,etc_pihole,dnsmasq_pihole,crono_pihole root-dir=\
usb1-part1/pihole start-on-boot=yes
/container config
set registry-url=https://registry-1.docker.io tmpdir=usb1-part1/pull
/container envs
add key=TZ name=pihole_envs value=Europe/Rome
add key=FTLCONF_LOCAL_IPV4 name=pihole_envs value=192.168.55.55
/interface bridge port
add bridge=BR-Capsman interface=sfp-sfpplus1 internal-path-cost=10 path-cost=\
10
add bridge=BR-Capsman interface=ether8 internal-path-cost=10 path-cost=10
add bridge=BR-Dockers interface=veth1 internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=BR-Capsman comment="Mamma VLAN" tagged=BR-Capsman,sfp-sfpplus1 \
vlan-ids=200
add bridge=BR-Capsman comment="Guest VLAN" tagged=BR-Capsman,sfp-sfpplus1 \
vlan-ids=300
add bridge=BR-Capsman comment="Domus VLAN" tagged=BR-Capsman,sfp-sfpplus1 \
vlan-ids=400
add bridge=BR-Capsman comment="Casa VLAN" tagged=BR-Capsman,sfp-sfpplus1 \
vlan-ids=100
add bridge=BR-Dockers comment=PiHole tagged=BR-Dockers,veth1 vlan-ids=900
/interface list member
add interface=provider-pppoe list=WAN
add interface=100-Casa list=LAN
add interface=provider-vlan list=WAN
add interface=200-Mamma list=LAN
add interface=300-Guest list=LAN
add interface=400-Domus list=LAN
add interface=100-Casa list=TRUSTED
add interface=400-Domus list=TRUSTED
add interface=BR-Dockers list=LAN
add interface=BR-Capsman list=LAN
/interface wifi access-list
add action=accept comment="Apple Device" disabled=no mac-address=\
18:34:51:00:00:00 mac-address-mask=FF:FF:FF:00:00:00
/interface wifi capsman
set enabled=yes interfaces=BR-Capsman package-path="" \
require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=service5G \
name-format="" radio-mac=48:A9:8A:BC:A5:24 slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=studio_2ghz \
name-format="" radio-mac=48:A9:8A:0E:03:52 slave-configurations=\
guest,home2G
add action=create-enabled disabled=no master-configuration=service5G \
name-format="" radio-mac=48:A9:8A:0E:06:47 slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=service5G \
name-format="" radio-mac=48:A9:8A:0E:09:5D slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=service5G \
name-format="" radio-mac=48:A9:8A:0E:06:A8 slave-configurations=home5G
add action=create-enabled disabled=no master-configuration=esterno_2ghz \
name-format="" radio-mac=48:A9:8A:0E:09:5E slave-configurations=\
guest,home2G
add action=create-enabled disabled=no master-configuration=server_2ghz \
name-format="" radio-mac=48:A9:8A:BC:A5:25 slave-configurations=\
guest,home2G,silent
add action=create-enabled disabled=no master-configuration=service5G \
name-format="" radio-mac=48:A9:8A:0E:03:51 slave-configurations=home5G \
supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=centro_2ghz \
name-format="" radio-mac=48:A9:8A:0E:06:A9 slave-configurations=\
guest,home2G
add action=create-enabled disabled=no master-configuration=taverna_2ghz \
name-format="" radio-mac=48:A9:8A:0E:06:48 slave-configurations=\
guest,home2G
/ip address
add address=192.168.0.1/24 interface=100-Casa network=192.168.0.0
add address=172.16.0.1/20 interface=300-Guest network=172.16.0.0
add address=10.255.254.1/24 interface=200-Mamma network=10.255.254.0
add address=192.168.240.1/24 interface=BR-Capsman network=192.168.240.0
add address=192.168.55.1/25 interface=BR-Dockers network=192.168.55.0
/ip dhcp-server network
add address=10.255.255.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.255.255.1 \
netmask=24
add address=172.16.0.0/20 dns-server=1.1.1.3,1.0.0.3 gateway=172.16.0.1 \
netmask=20
add address=192.168.0.0/24 dns-server=192.168.55.55 gateway=192.168.0.1 \
netmask=24
add address=192.168.240.0/24 dns-server=192.168.55.55 gateway=192.168.240.1 \
netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1m servers=1.1.1.1,1.0.0.1
/ip firewall address-list
add address=192.168.0.0/24 comment="Casa NET" list=net_casa
add address=10.255.255.0/24 comment="Mamma NET" list=net_mamma
add address=172.16.0.0/20 comment="Guest NET" list=net_guest
add address=10.255.255.0/24 comment="Excluded from PiHole" list=excluded
add address=172.16.0.0/20 comment="Excluded from PiHole" list=excluded
add address=192.168.55.55 comment="Excluded from PiHole" list=excluded
add address=192.168.240.0/24 comment="Domus NET" list=net_domus
add address=192.168.240.10 comment="Excluded from PiHole" list=excluded
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=\
"ONLY allow trusted subnet full access to router services" \
src-address-list=net_casa
add action=accept chain=input comment=PiHole dst-port=53,123 \
in-interface-list=LAN protocol=udp
add action=accept chain=input comment=PiHole dst-port=53 in-interface-list=\
LAN protocol=tcp
add action=drop chain=input comment="DROP ALL ELSE"
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=forward comment="internet traffic" in-interface-list=\
LAN out-interface-list=WAN
add action=accept chain=forward comment="allow access to ALL DomusNET" \
dst-address-list=net_domus src-address-list=net_casa
add action=accept chain=forward comment="allow access to AP Mamma" \
dst-address=10.255.254.2 src-address-list=net_casa
add action=accept chain=forward comment="allow access to PiHOLE" dst-address=\
192.168.55.55 in-interface-list=LAN
add action=accept chain=forward comment="port forwarding" \
connection-nat-state=dstnat
add action=drop chain=forward comment="DROP ALL ELSE"
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment=Pihole dst-port=53 in-interface-list=\
LAN protocol=udp src-address-list=!excluded to-addresses=192.168.55.55
add action=dst-nat chain=dstnat comment=Pihole dst-port=53 in-interface-list=\
LAN protocol=tcp src-address-list=!excluded to-addresses=192.168.55.55
/ip firewall service-port
set ftp disabled=yes
set h323 disabled=yes
set pptp disabled=yes
/ip route
add disabled=no dst-address=10.255.255.0/24 gateway=10.255.254.2 \
routing-table=main suppress-hw-offload=no
add disabled=no dst-address=10.255.255.0/24 gateway=10.255.254.2 \
routing-table=main suppress-hw-offload=no
add disabled=no dst-address=10.255.255.0/24 gateway=10.255.254.2 \
routing-table=main suppress-hw-offload=no
/ip upnp interfaces
add interface=provider type=external
add interface=provider-vlan type=external
add interface=100-Casa type=internal
add interface=400-Domus type=internal
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=drop chain=input
add action=drop chain=forward
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=Router
/system logging
set 2 disabled=yes
add action=echo disabled=yes topics=dhcp
add action=echo disabled=yes topics=dhcp
add disabled=yes topics=wireless
add action=echo disabled=yes topics=wireless
add action=remote disabled=yes topics=wireless
add disabled=yes prefix=dhcp topics=debug
add disabled=yes prefix=wireless topics=debug
add topics=wireless,debug,error,info,info
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes local-clock-stratum=1 manycast=yes use-local-clock=yes
/system ntp client servers
add address=0.it.pool.ntp.org
add address=1.it.pool.ntp.org
add address=2.it.pool.ntp.org
add address=3.it.pool.ntp.org
