Crash_Override/routeros-scripts
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts synced 2024-05-14 08:04:19 +00:00
Code Issues Projects Releases Packages Wiki Activity
routeros-scripts/doc/ipv6-update.md
Christian Hesse 62707dc549 ipv6-update: support host addresses in address-list
2023-02-10 11:36:12 +01:00

73 lines
2.6 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Update configuration on IPv6 prefix change
==========================================
[⬅️ Go back to main README](../README.md)
> **Info**: This script can not be used on its own but requires the base
> installation. See [main README](../README.md) for details.
Description
-----------
With changing IPv6 prefix from ISP this script handles to update...
* ipv6 firewall address-list (prefixes (`/64`) and host addresses (`/128`))
* dns records
Requirements and installation
-----------------------------
Just install the script:
$ScriptInstallUpdate ipv6-update;
Your ISP needs to provide an IPv6 prefix, your device receives it via dhcp:
/ipv6/dhcp-client/add add-default-route=yes interface=ppp-isp pool-name=isp request=prefix script=ipv6-update;
Note this already adds this script as `script`. The pool name (here: "`isp`")
is important, we need it later.
Also this expects there is an address assigned from pool to an interface:
/ipv6/address/add from-pool=isp interface=br-local;
Sometimes dhcp client is stuck on reconnect and needs to be released.
Installing [ppp-on-up](ppp-on-up.md) may solve this.
Configuration
-------------
An address list entry is updated with current prefix and can be used in
firewall rules, comment has to be "`ipv6-pool-`" and actual pool name:
/ipv6/firewall/address-list/add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern;
As this entry is mandatory it is created automatically if it does not exist,
with the comment also set for list.
Address list entries for specific interfaces can be updated as well. The
interface needs to get its address from pool `isp` and the address list entry
has to be associated to an interface in comment:
/ipv6/firewall/address-list/add address=2003:cf:2f0f:de01::/64 comment="ipv6-pool-isp, interface=br-local" list=local;
Updating address list entries with host addresses works as well, the new
prefix is combinded with given suffix then:
/ipv6/firewall/address-list/add address=2003:cf:2f0f:de01:e3e0:f8fa:8cd6:dbe1/128 comment="ipv6-pool-isp, interface=br-local" list=hosts;
Static DNS records need a special comment to be updated. Again it has to
start with "`ipv6-pool-`" and actual pool name, followed by a comma,
"`interface=`" and the name of interface this address is connected to:
/ip/dns/static/add address=2003:cf:2f0f:de00:1122:3344:5566:7788 comment="ipv6-pool-isp, interface=br-local" name=test.example.com ttl=15m;
See also
--------
* [Run scripts on ppp connection](ppp-on-up.md)
---
[⬅️ Go back to main README](../README.md)
[⬆️ Go back to top](#top)
Reference in a new issue View git blame Copy permalink