**Configuration du réseau :** package network config interface 'loopback' option device 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula\_prefix 'fd11:f295:ee6c::/48' option packet\_steering '1' config device option name 'br-lan' option type 'bridge' list ports 'eth1' list ports 'eth2' list ports 'eth3' list ports 'eth4' config device option name 'eth1' option macaddr '\*\*\*\*' config device option name 'eth2' option macaddr '\*\*\*\*' config device option name 'eth3' option macaddr '\*\*\*\*' config device option name 'eth4' option macaddr '\*\*\*\*' config interface 'lan' option device 'br-lan' option proto 'static' option ipaddr '10.0.0.1' option netmask '255.255.255.0' option ip6assign '60' config device option name 'eth0' option macaddr '\*\*\*\*' config interface 'wan' option device 'eth0' option proto 'dhcp' config interface 'wan6' option device 'eth0' option proto 'dhcpv6' \--- FIREWALL --- package firewall config defaults option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option synflood\_protect '1' config zone option name 'lan' list network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' config zone option name 'wan' list network 'wan' list network 'wan6' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu\_fix '1' config forwarding option src 'lan' option dest 'wan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest\_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp\_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option dest\_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src\_ip 'fe80::/10' list icmp\_type '130/0' list icmp\_type '131/0' list icmp\_type '132/0' list icmp\_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp\_type 'echo-request' list icmp\_type 'echo-reply' list icmp\_type 'destination-unreachable' list icmp\_type 'packet-too-big' list icmp\_type 'time-exceeded' list icmp\_type 'bad-header' list icmp\_type 'unknown-header-type' list icmp\_type 'router-solicitation' list icmp\_type 'neighbour-solicitation' list icmp\_type 'router-advertisement' list icmp\_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '\*' option proto 'icmp' list icmp\_type 'echo-request' list icmp\_type 'echo-reply' list icmp\_type 'destination-unreachable' list icmp\_type 'packet-too-big' list icmp\_type 'time-exceeded' list icmp\_type 'bad-header' list icmp\_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-IPSec-ESP' option src 'wan' option dest 'lan' option proto 'esp' option target 'ACCEPT' config rule option name 'Allow-ISAKMP' option src 'wan' option dest 'lan' option dest\_port '500' option proto 'udp' option target 'ACCEPT' config redirect option dest 'lan' option target 'DNAT' option name 'ntp' option family 'ipv4' list proto 'udp' option src 'wan' option src\_dport '123' option dest\_ip '10.0.0.205' option dest\_port '123' config forwarding option src 'wan' option dest 'lan' root@OpenWrt:\~#