首页
关于
统计
留言板
更多
壁纸墙
Search
1
PVE下开启RTL8125B的多队列支持和关闭ASPM
1,506 阅读
2
ubuntu,debian 放开80和443端口,开启bbr
841 阅读
3
How to use caddy With Naiveproxy
750 阅读
4
ROS路由开启IPv6后网速变得很慢?视频网站变卡?
320 阅读
5
冷知识
179 阅读
默认分类
PVE
openwrt
ROS
每日简报
登录
/
注册
Search
标签搜索
p'v'e
RTL8125B
ros
分流
naive
香蕉
累计撰写
11
篇文章
累计收到
56
条评论
首页
栏目
默认分类
PVE
openwrt
ROS
每日简报
页面
关于
统计
留言板
壁纸墙
搜索到
3
篇与
的结果
2023-06-15
ROS使用naive镜像做透明网关,实现分流
原理如图镜像在 https://hub.docker.com/r/tonysun0319/naive详细使用和功能介绍 以后再补
2023年06月15日
48 阅读
0 评论
0 点赞
2023-05-02
ROS路由开启IPv6后网速变得很慢?视频网站变卡?
RouterOS里设置MSS的命令。其中pppoe-out1是wan口,1420是要MSS值,请根据需要修改。/ipv6 firewall mangle add chain=forward out-interface=pppoe-out1 protocol=tcp tcp-flags=syn action=change-mss new-mss=1420openwrt的设置参考下面引用自: 开启 IPv6 后网速变得很慢?可能是 PMTU 黑洞的问题
2023年05月02日
320 阅读
4 评论
0 点赞
2023-03-20
ros默认防火墙配置
Mikrotik 的 RouterBoard 硬件产品默认都有带有配置良好的防火墙规则,x86/CHR 设备默认不带防火墙规则。 如果需要可以导入以下配置:命令在terminal窗口内执行第一部分: Interface List,所有设备均需要导入,请根据自己情况适当修改/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface list memberadd interface=ether1 list=LAN #此处注意你LAN的实际接口add interface=ether2 list=WAN #此处注意你WAN的实际接口add interface=pppoe-out1 list=WAN第二部分:IPv4 防火墙规则,推荐所有设备都导入/ip firewall filteradd action=accept chain=input comment="accept ping" protocol=icmpadd action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="drop invalid" connection-state=invalidadd action=drop chain=input comment="drop all from WAN" in-interface-list=WANadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,relatedadd action=accept chain=forward comment="accept established,related, untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="drop invalid" connection-state=invalidadd action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN第三部分:IPv6 防火墙规则,需要启用 IPv6 package 后再导入/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6add address=::/104 comment="defconf: other" list=bad_ipv6add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
2023年03月20日
77 阅读
0 评论
0 点赞