etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'GUEST'
option interface 'GUEST'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'IOT'
option interface 'IOT'
option start '100'
option limit '150'
option leasetime '12h'
etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'GUESTZone'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'GUEST'
config zone
option name 'IOTZone'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'IOT'
config forwarding
option src 'lan'
option dest 'IOTZone'
config forwarding
option src 'GUESTZone'
option dest 'wan'
config rule
option name 'Guest DHCP and DNS'
option src 'GUESTZone'
option dest_port '53 67 68'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '1194'
option name 'wireguard'
option dest_ip '192.168.1.131'
option dest_port '1194'
etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddc:8416:29ef::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '6t 4 1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option vid '2'
config interface 'GUEST'
option proto 'static'
option ipaddr '10.20.30.40'
option netmask '255.255.255.0'
config interface 'IOT'
option proto 'static'
option ipaddr '172.16.0.1'
option netmask '255.255.255.0'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option description 'TheLoft_Guest'
option ports '0t 3'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '4'
option description 'TheLoft_IOT'
option ports '0t 2'
etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option cell_density '0'
option channel '36'
option htmode 'VHT80'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option key 'deleted_password'
option ieee80211r '1'
option mobility_domain 'kkkk'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option ssid 'TheLoft'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option channel '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option key 'deleted_password'
option ieee80211r '1'
option mobility_domain 'xxxx'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option ssid 'TheLoft'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'TheLoft_Guest'
option encryption 'psk2'
option key 'deleted_password'
option ieee80211r '1'
option mobility_domain 'xxx'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'GUEST'
config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'TheLoft_Guest'
option encryption 'psk2'
option key 'deleted_password'
option ieee80211r '1'
option mobility_domain 'xxxx'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'GUEST'
config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'TheLoft_IOT'
option encryption 'psk2'
option key 'deleted_password'
option ieee80211r '1'
option mobility_domain 'xxxx'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'IOT'
config wifi-iface 'wifinet7'
option device 'radio0'
option mode 'ap'
option ssid 'TheLoft_IOT'
option encryption 'psk2'
option key 'deleted_password'
option ieee80211r '1'
option mobility_domain 'xxxx'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'IOT'