ROS使用naive镜像做透明网关，实现分流 原理如图镜像在 https://hub.docker.com/r/tonysun0319/naive详细使用和功能介绍 以后再补

ROS路由开启IPv6后网速变得很慢?视频网站变卡？ RouterOS里设置MSS的命令。其中pppoe-out1是wan口，1420是要MSS值，请根据需要修改。/ipv6 firewall mangle add chain=forward out-interface=pppoe-out1 protocol=tcp tcp-flags=syn action=change-mss new-mss=1420openwrt的设置参考下面引用自： 开启 IPv6 后网速变得很慢？可能是 PMTU 黑洞的问题

ros默认防火墙配置 Mikrotik 的 RouterBoard 硬件产品默认都有带有配置良好的防火墙规则，x86/CHR 设备默认不带防火墙规则。 如果需要可以导入以下配置：命令在terminal窗口内执行第一部分： Interface List，所有设备均需要导入，请根据自己情况适当修改/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface list memberadd interface=ether1 list=LAN #此处注意你LAN的实际接口add interface=ether2 list=WAN #此处注意你WAN的实际接口add interface=pppoe-out1 list=WAN第二部分：IPv4 防火墙规则，推荐所有设备都导入/ip firewall filteradd action=accept chain=input comment="accept ping" protocol=icmpadd action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="drop invalid" connection-state=invalidadd action=drop chain=input comment="drop all from WAN" in-interface-list=WANadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,relatedadd action=accept chain=forward comment="accept established,related, untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="drop invalid" connection-state=invalidadd action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN第三部分：IPv6 防火墙规则，需要启用 IPv6 package 后再导入/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6add address=::/104 comment="defconf: other" list=bad_ipv6add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN