IPv6 Manual Configuration Script

From NYC Resistor Wiki
Jump to navigation Jump to search

There is no ipv6 support at all in the ubiquity Unifi GUI but Time Warner supports IPv6 natively. After every firmware update on the USG, you'll need to run this script on the USG to re-enable IPv6.

set interfaces ethernet eth0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length /56

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 service dhcpv6-stateful
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 prefix-id :1
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1 host-address ::1

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1.102 host-address ::1
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1.102 prefix-id :a
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth1.102 service slaac

set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description "WAN inbound traffic to the router"
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description "Allow established/related sessions"
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description "Drop invalid state"
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description "Allow IPv6 icmp"
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description "allow dhcpv6"
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547

set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description "WAN inbound traffic forwarded to LAN"
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description "Allow established/related sessions"
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description "Drop invalid state"
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 description "Allow IPv6 icmp"
set firewall ipv6-name WANv6_IN rule 30 protocol ipv6-icmp

set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN 
set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL