RubyGems - oxidized - Versions diffs - 0.31.0 → 0.32.0 - Mend

oxidized 0.31.0 → 0.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby.yml +2 -3
data/.rubocop.yml +1 -2
data/.rubocop_todo.yml +6 -6
data/CHANGELOG.md +32 -0
data/Dockerfile +5 -2
data/Rakefile +28 -0
data/docs/Configuration.md +14 -2
data/docs/Creating-Models.md +52 -22
data/docs/DeviceSimulation.md +184 -0
data/docs/Hooks.md +5 -5
data/docs/Issues.md +15 -9
data/docs/Model-Notes/APC_AOS.md +29 -16
data/docs/Model-Notes/FSOS.md +1 -0
data/docs/ModelUnitTests.md +186 -0
data/docs/Supported-OS-Types.md +3 -2
data/examples/podman-compose/Makefile +1 -2
data/{examples/device-simulation → extra}/device2yaml.rb +32 -12
data/extra/gitdiff-msteams.sh +32 -5
data/extra/nagios_check_failing_nodes.rb +1 -1
data/extra/rest_client.rb +1 -1
data/lib/oxidized/config.rb +1 -1
data/lib/oxidized/input/ssh.rb +13 -5
data/lib/oxidized/model/aos7.rb +2 -0
data/lib/oxidized/model/aosw.rb +1 -1
data/lib/oxidized/model/apc_aos.rb +1 -1
data/lib/oxidized/model/arubainstant.rb +1 -1
data/lib/oxidized/model/asa.rb +2 -1
data/lib/oxidized/model/asyncos.rb +1 -1
data/lib/oxidized/model/cumulus.rb +16 -2
data/lib/oxidized/model/enterprise_sonic.rb +46 -0
data/lib/oxidized/model/fsos.rb +5 -1
data/lib/oxidized/model/garderos.rb +4 -4
data/lib/oxidized/model/junos.rb +1 -1
data/lib/oxidized/model/kornfeldos.rb +33 -0
data/lib/oxidized/model/model.rb +2 -2
data/lib/oxidized/model/sonicos.rb +8 -2
data/lib/oxidized/model/tplink.rb +1 -0
data/lib/oxidized/model/xos.rb +1 -1
data/lib/oxidized/source/source.rb +32 -2
data/lib/oxidized/version.rb +2 -2
data/oxidized.gemspec +7 -6
metadata +33 -35
data/examples/device-simulation/README.md +0 -173
data/examples/device-simulation/cmdsets/aoscx +0 -9
data/examples/device-simulation/cmdsets/arubainstant +0 -5
data/examples/device-simulation/cmdsets/asa +0 -7
data/examples/device-simulation/cmdsets/ios +0 -7
data/examples/device-simulation/cmdsets/nxos +0 -5
data/examples/device-simulation/cmdsets/routeros +0 -5
data/examples/device-simulation/cmdsets/srosmd +0 -11
data/examples/device-simulation/yaml/aoscx_R0X25A-6410_FL.10.10.1100.yaml +0 -2281
data/examples/device-simulation/yaml/aoscx_R8N85A-C6000-48G-CL4_PL.10.08.1010.yaml +0 -451
data/examples/device-simulation/yaml/arubainstant_IAP515_8.10.0.6_VWLC.yaml +0 -213
data/examples/device-simulation/yaml/asa_5512_9.12-4-67_single-context.yaml +0 -531
data/examples/device-simulation/yaml/asr920_16.8.1b.yaml +0 -1122
data/examples/device-simulation/yaml/garderos_R7709_003_006_068.yaml +0 -101
data/examples/device-simulation/yaml/iosxe_C9200L-24P-4G_17.09.04a.yaml +0 -514
data/examples/device-simulation/yaml/iosxe_C9800-L-F-K9_17.06.05.yaml +0 -417
data/examples/device-simulation/yaml/riverbed_915.yaml +0 -123
data/examples/device-simulation/yaml/routeros_CHR_7.10.1.yaml +0 -145
data/examples/device-simulation/yaml/routeros_CHR_7.16.yaml +0 -79
data/examples/device-simulation/yaml/routeros_L009UiGS_7.15.2.yaml +0 -353

data/examples/device-simulation/yaml/routeros_CHR_7.16.yaml DELETED Viewed

@@ -1,79 +0,0 @@
----
-init_prompt:
-commands:
-  /system resource print: |-
-    \x20                  uptime: 32m36s
-                      version: 7.16 (stable)
-                   build-time: 2024-09-20 13:00:27
-             factory-software: 7.1
-                  free-memory: 165.6MiB
-                 total-memory: 384.0MiB
-                          cpu: QEMU
-                    cpu-count: 1
-                cpu-frequency: 2999MHz
-                     cpu-load: 2%
-               free-hdd-space: 71.2MiB
-              total-hdd-space: 89.2MiB
-      write-sect-since-reboot: 584
-             write-sect-total: 584
-            architecture-name: x86_64
-                   board-name: CHR QEMU Standard PC (i440FX + PIIX, 1996)
-                     platform: MikroTik
-  /system package update print: |-
-    \x20           channel: stable
-      installed-version: 7.16
-  /system history print without-paging: |-
-  /export show-sensitive: |-
-    # 2024-11-16 06:25:32 by RouterOS 7.16
-    # software id =\x20
-    #
-    /interface ethernet
-    set [ find default-name=ether1 ] disable-running-check=no
-    set [ find default-name=ether2 ] disable-running-check=no
-    set [ find default-name=ether3 ] disable-running-check=no
-    set [ find default-name=ether4 ] disable-running-check=no
-    set [ find default-name=ether5 ] disable-running-check=no
-    set [ find default-name=ether6 ] disable-running-check=no
-    set [ find default-name=ether7 ] disable-running-check=no
-    set [ find default-name=ether8 ] disable-running-check=no
-    /port
-    set 0 name=serial0
-    /ip address
-    add address=10.0.2.100/24 interface=ether1 network=10.0.2.0
-    /ip dhcp-client
-    add interface=ether1
-    /system note
-    set show-at-login=no
-  quit: |-
-    interrupted
-oxidized_output: |
-  #                   version: 7.16 (stable)
-  #          factory-software: 7.1
-  #              total-memory: 384.0MiB
-  #                       cpu: QEMU
-  #                 cpu-count: 1
-  #           total-hdd-space: 89.2MiB
-  #         architecture-name: x86_64
-  #                board-name: CHR QEMU Standard PC (i440FX + PIIX, 1996)
-  #                  platform: MikroTik#   installed-version: 7.16# software id =\x20
-  #
-  /interface ethernet
-  set [ find default-name=ether1 ] disable-running-check=no
-  set [ find default-name=ether2 ] disable-running-check=no
-  set [ find default-name=ether3 ] disable-running-check=no
-  set [ find default-name=ether4 ] disable-running-check=no
-  set [ find default-name=ether5 ] disable-running-check=no
-  set [ find default-name=ether6 ] disable-running-check=no
-  set [ find default-name=ether7 ] disable-running-check=no
-  set [ find default-name=ether8 ] disable-running-check=no
-  /port
-  set 0 name=serial0
-  /ip address
-  add address=10.0.2.100/24 interface=ether1 network=10.0.2.0
-  /ip dhcp-client
-  add interface=ether1
-  /system note
-  set show-at-login=no

data/examples/device-simulation/yaml/routeros_L009UiGS_7.15.2.yaml DELETED Viewed

@@ -1,353 +0,0 @@
----
-init_prompt:
-commands:
-  /system resource print: |-
-    \x20                  uptime: 14w1d19h55m4s
-    \x20                 version: 7.15.2 (stable)
-    \x20              build-time: 2024-06-26 11:42:37
-    \x20        factory-software: 7.12
-    \x20             free-memory: 432.4MiB
-    \x20            total-memory: 512.0MiB
-    \x20                     cpu: ARM
-    \x20               cpu-count: 2
-    \x20           cpu-frequency: 800MHz
-    \x20                cpu-load: 0%
-    \x20          free-hdd-space: 103.8MiB
-    \x20         total-hdd-space: 128.0MiB
-    \x20 write-sect-since-reboot: 361943
-    \x20        write-sect-total: 669893
-    \x20              bad-blocks: 0%
-    \x20       architecture-name: arm
-    \x20              board-name: L009UiGS
-    \x20                platform: MikroTik
-  /system package update print: |-
-    \x20           channel: stable
-    \x20 installed-version: 7.15.2
-    \x20    latest-version: 7.15.3
-    \x20            status: New version is available
-  /system history print without-paging: |-
-    Flags: U - UNDOABLE
-    Columns: ACTION, BY, POLICY, TIME
-    \x20 ACTION                            BY           POLICY  TIME              \x20
-    U bridge port changed               user  write   2024-07-31 09:33:47
-    U bridge port changed               user  write   2024-07-31 09:32:52
-    U bridge port changed               user  write   2024-07-31 09:32:50
-    U detect-internet settings changed  user  write   2024-07-31 09:28:59
-  /export show-sensitive: |-
-    # 2024-10-25 12:09:43 by RouterOS 7.15.2
-    # software id = A0AA-AAA0
-    #
-    # model = L009UiGS
-    # serial number = AA111AAAAAA
-    /interface bridge
-    add admin-mac=00:00:5E:00:53:00 auto-mac=no comment=defconf name=bridge \\
-    \x20   port-cost-mode=short
-    /interface vlan
-    add interface=ether1 name=vlan6 vlan-id=6
-    /interface pppoe-client
-    add add-default-route=yes disabled=no interface=vlan6 name=pppoe-out1 \\
-    \x20   password=password use-peer-dns=yes user=user
-    /interface list
-    add comment=defconf name=WAN
-    add comment=defconf name=LAN
-    /interface wireless security-profiles
-    set [ find default=yes ] supplicant-identity=MikroTik
-    /ip pool
-    add name=default-dhcp ranges=192.0.2.0-192.0.2.254
-    /ip dhcp-server
-    add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
-    /port
-    set 0 name=serial0
-    /snmp community
-    add addresses=0.0.0.0/0 name=community security=authorized
-    /interface bridge port
-    add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \\
-    \x20   path-cost=10
-    add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \\
-    \x20   path-cost=10
-    add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \\
-    \x20   path-cost=10
-    add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \\
-    \x20   path-cost=10
-    add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 \\
-    \x20   path-cost=10
-    add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 \\
-    \x20   path-cost=10
-    add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 \\
-    \x20   path-cost=10
-    add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10 \\
-    \x20   path-cost=10
-    /ip firewall connection tracking
-    set udp-timeout=10s
-    /ip neighbor discovery-settings
-    set discover-interface-list=LAN
-    /ip settings
-    set max-neighbor-entries=14336
-    /ipv6 settings
-    set max-neighbor-entries=7168
-    /interface list member
-    add comment=defconf interface=bridge list=LAN
-    add comment=defconf interface=ether1 list=WAN
-    add interface=pppoe-out1 list=WAN
-    /ip address
-    add address=192.0.2.1/24 comment=defconf interface=bridge network=\\
-    \x20   192.0.2.0
-    /ip dhcp-client
-    add comment=defconf interface=ether1
-    /ip dhcp-server network
-    add address=192.0.2.0/24 comment=defconf dns-server=192.0.2.1 gateway=\\
-    \x20   192.0.2.1
-    /ip dns
-    set allow-remote-requests=yes
-    /ip dns static
-    add address=192.0.2.1 comment=defconf name=router.lan
-    /ip firewall address-list
-    add address=198.51.100.1 list=\"office\"
-    add address=198.51.100.2 list=\"nms\"
-    /ip firewall filter
-    add action=accept chain=input comment=\\
-    \x20   \"defconf: accept established,related,untracked\" connection-state=\\
-    \x20   established,related,untracked
-    add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=\\
-    \x20   invalid
-    add action=accept chain=input comment=\"defconf: accept ICMP\" protocol=icmp
-    add action=accept chain=input comment=\"Remote MGTM\" in-interface-list=WAN \\
-    \x20   src-address-list=\"office\"
-    add action=accept chain=input in-interface-list=WAN src-address-list=\\
-    \x20   \"nms\"
-    add action=accept chain=input comment=\\
-    \x20   \"defconf: accept to local loopback (for CAPsMAN)\" dst-address=127.0.0.1
-    add action=drop chain=input comment=\"defconf: drop all not coming from LAN\" \\
-    \x20   in-interface-list=!LAN
-    add action=accept chain=forward comment=\"defconf: accept in ipsec policy\" \\
-    \x20   ipsec-policy=in,ipsec
-    add action=accept chain=forward comment=\"defconf: accept out ipsec policy\" \\
-    \x20   ipsec-policy=out,ipsec
-    add action=fasttrack-connection chain=forward comment=\"defconf: fasttrack\" \\
-    \x20   connection-state=established,related hw-offload=yes
-    add action=accept chain=forward comment=\\
-    \x20   \"defconf: accept established,related, untracked\" connection-state=\\
-    \x20   established,related,untracked
-    add action=drop chain=forward comment=\"defconf: drop invalid\" \\
-    \x20   connection-state=invalid
-    add action=drop chain=forward comment=\\
-    \x20   \"defconf: drop all from WAN not DSTNATed\" connection-nat-state=!dstnat \\
-    \x20   connection-state=new in-interface-list=WAN
-    /ip firewall nat
-    add action=masquerade chain=srcnat comment=\"defconf: masquerade\" \\
-    \x20   ipsec-policy=out,none out-interface-list=WAN
-    /ipv6 firewall address-list
-    add address=::/128 comment=\"defconf: unspecified address\" list=bad_ipv6
-    add address=::1/128 comment=\"defconf: lo\" list=bad_ipv6
-    add address=fec0::/10 comment=\"defconf: site-local\" list=bad_ipv6
-    add address=::ffff:0.0.0.0/96 comment=\"defconf: ipv4-mapped\" list=bad_ipv6
-    add address=::/96 comment=\"defconf: ipv4 compat\" list=bad_ipv6
-    add address=100::/64 comment=\"defconf: discard only \" list=bad_ipv6
-    add address=2001:db8::/32 comment=\"defconf: documentation\" list=bad_ipv6
-    add address=2001:10::/28 comment=\"defconf: ORCHID\" list=bad_ipv6
-    add address=3ffe::/16 comment=\"defconf: 6bone\" list=bad_ipv6
-    /ipv6 firewall filter
-    add action=accept chain=input comment=\\
-    \x20   \"defconf: accept established,related,untracked\" connection-state=\\
-    \x20   established,related,untracked
-    add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=\\
-    \x20   invalid
-    add action=accept chain=input comment=\"defconf: accept ICMPv6\" protocol=\\
-    \x20   icmpv6
-    add action=accept chain=input comment=\"defconf: accept UDP traceroute\" port=\\
-    \x20   33434-33534 protocol=udp
-    add action=accept chain=input comment=\\
-    \x20   \"defconf: accept DHCPv6-Client prefix delegation.\" dst-port=546 protocol=\\
-    \x20   udp src-address=fe80::/10
-    add action=accept chain=input comment=\"defconf: accept IKE\" dst-port=500,4500 \\
-    \x20   protocol=udp
-    add action=accept chain=input comment=\"defconf: accept ipsec AH\" protocol=\\
-    \x20   ipsec-ah
-    add action=accept chain=input comment=\"defconf: accept ipsec ESP\" protocol=\\
-    \x20   ipsec-esp
-    add action=accept chain=input comment=\\
-    \x20   \"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
-    add action=drop chain=input comment=\\
-    \x20   \"defconf: drop everything else not coming from LAN\" in-interface-list=\\
-    \x20   !LAN
-    add action=accept chain=forward comment=\\
-    \x20   \"defconf: accept established,related,untracked\" connection-state=\\
-    \x20   established,related,untracked
-    add action=drop chain=forward comment=\"defconf: drop invalid\" \\
-    \x20   connection-state=invalid
-    add action=drop chain=forward comment=\\
-    \x20   \"defconf: drop packets with bad src ipv6\" src-address-list=bad_ipv6
-    add action=drop chain=forward comment=\\
-    \x20   \"defconf: drop packets with bad dst ipv6\" dst-address-list=bad_ipv6
-    add action=drop chain=forward comment=\"defconf: rfc4890 drop hop-limit=1\" \\
-    \x20   hop-limit=equal:1 protocol=icmpv6
-    add action=accept chain=forward comment=\"defconf: accept ICMPv6\" protocol=\\
-    \x20   icmpv6
-    add action=accept chain=forward comment=\"defconf: accept HIP\" protocol=139
-    add action=accept chain=forward comment=\"defconf: accept IKE\" dst-port=\\
-    \x20   500,4500 protocol=udp
-    add action=accept chain=forward comment=\"defconf: accept ipsec AH\" protocol=\\
-    \x20   ipsec-ah
-    add action=accept chain=forward comment=\"defconf: accept ipsec ESP\" protocol=\\
-    \x20   ipsec-esp
-    add action=accept chain=forward comment=\\
-    \x20   \"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
-    add action=drop chain=forward comment=\\
-    \x20   \"defconf: drop everything else not coming from LAN\" in-interface-list=\\
-    \x20   !LAN
-    /snmp
-    set contact=user enabled=yes location=\"Riga, LATIVA\" \\
-    \x20   trap-community=community
-    /system clock
-    set time-zone-name=Europe/Riga
-    /system identity
-    set name=router
-    /system note
-    set show-at-login=no
-    /system routerboard settings
-    set enter-setup-on=delete-key
-    /tool mac-server
-    set allowed-interface-list=LAN
-    /tool mac-server mac-winbox
-    set allowed-interface-list=LAN
-  quit: |-
-    interrupted
-oxidized_output: |
-  #                   version: 7.15.2 (stable)
-  #          factory-software: 7.12
-  #              total-memory: 512.0MiB
-  #                       cpu: ARM
-  #                 cpu-count: 2
-  #           total-hdd-space: 128.0MiB
-  #         architecture-name: arm
-  #                board-name: L009UiGS
-  #                  platform: MikroTik#   installed-version: 7.15.2
-  # Flags: U - UNDOABLE
-  # Columns: ACTION, BY, POLICY, TIME
-  #   ACTION                            BY           POLICY  TIME              \x20
-  # U bridge port changed               user  write   2024-07-31 09:33:47
-  # U bridge port changed               user  write   2024-07-31 09:32:52
-  # U bridge port changed               user  write   2024-07-31 09:32:50
-  # U detect-internet settings changed  user  write   2024-07-31 09:28:59# software id = A0AA-AAA0
-  #
-  # model = L009UiGS
-  # serial number = AA111AAAAAA
-  /interface bridge
-  add admin-mac=00:00:5E:00:53:00 auto-mac=no comment=defconf name=bridge port-cost-mode=short
-  /interface vlan
-  add interface=ether1 name=vlan6 vlan-id=6
-  /interface pppoe-client
-  add add-default-route=yes disabled=no interface=vlan6 name=pppoe-out1 password=password use-peer-dns=yes user=user
-  /interface list
-  add comment=defconf name=WAN
-  add comment=defconf name=LAN
-  /interface wireless security-profiles
-  set [ find default=yes ] supplicant-identity=MikroTik
-  /ip pool
-  add name=default-dhcp ranges=192.0.2.0-192.0.2.254
-  /ip dhcp-server
-  add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
-  /port
-  set 0 name=serial0
-  /snmp community
-  add addresses=0.0.0.0/0 name=community security=authorized
-  /interface bridge port
-  add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
-  add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10
-  add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10
-  add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10
-  add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 path-cost=10
-  add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 path-cost=10
-  add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 path-cost=10
-  add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10 path-cost=10
-  /ip firewall connection tracking
-  set udp-timeout=10s
-  /ip neighbor discovery-settings
-  set discover-interface-list=LAN
-  /ip settings
-  set max-neighbor-entries=14336
-  /ipv6 settings
-  set max-neighbor-entries=7168
-  /interface list member
-  add comment=defconf interface=bridge list=LAN
-  add comment=defconf interface=ether1 list=WAN
-  add interface=pppoe-out1 list=WAN
-  /ip address
-  add address=192.0.2.1/24 comment=defconf interface=bridge network=192.0.2.0
-  /ip dhcp-client
-  add comment=defconf interface=ether1
-  /ip dhcp-server network
-  add address=192.0.2.0/24 comment=defconf dns-server=192.0.2.1 gateway=192.0.2.1
-  /ip dns
-  set allow-remote-requests=yes
-  /ip dns static
-  add address=192.0.2.1 comment=defconf name=router.lan
-  /ip firewall address-list
-  add address=198.51.100.1 list=\"office\"
-  add address=198.51.100.2 list=\"nms\"
-  /ip firewall filter
-  add action=accept chain=input comment=\"defconf: accept established,related,untracked\" connection-state=established,related,untracked
-  add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=invalid
-  add action=accept chain=input comment=\"defconf: accept ICMP\" protocol=icmp
-  add action=accept chain=input comment=\"Remote MGTM\" in-interface-list=WAN src-address-list=\"office\"
-  add action=accept chain=input in-interface-list=WAN src-address-list=\"nms\"
-  add action=accept chain=input comment=\"defconf: accept to local loopback (for CAPsMAN)\" dst-address=127.0.0.1
-  add action=drop chain=input comment=\"defconf: drop all not coming from LAN\" in-interface-list=!LAN
-  add action=accept chain=forward comment=\"defconf: accept in ipsec policy\" ipsec-policy=in,ipsec
-  add action=accept chain=forward comment=\"defconf: accept out ipsec policy\" ipsec-policy=out,ipsec
-  add action=fasttrack-connection chain=forward comment=\"defconf: fasttrack\" connection-state=established,related hw-offload=yes
-  add action=accept chain=forward comment=\"defconf: accept established,related, untracked\" connection-state=established,related,untracked
-  add action=drop chain=forward comment=\"defconf: drop invalid\" connection-state=invalid
-  add action=drop chain=forward comment=\"defconf: drop all from WAN not DSTNATed\" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
-  /ip firewall nat
-  add action=masquerade chain=srcnat comment=\"defconf: masquerade\" ipsec-policy=out,none out-interface-list=WAN
-  /ipv6 firewall address-list
-  add address=::/128 comment=\"defconf: unspecified address\" list=bad_ipv6
-  add address=::1/128 comment=\"defconf: lo\" list=bad_ipv6
-  add address=fec0::/10 comment=\"defconf: site-local\" list=bad_ipv6
-  add address=::ffff:0.0.0.0/96 comment=\"defconf: ipv4-mapped\" list=bad_ipv6
-  add address=::/96 comment=\"defconf: ipv4 compat\" list=bad_ipv6
-  add address=100::/64 comment=\"defconf: discard only \" list=bad_ipv6
-  add address=2001:db8::/32 comment=\"defconf: documentation\" list=bad_ipv6
-  add address=2001:10::/28 comment=\"defconf: ORCHID\" list=bad_ipv6
-  add address=3ffe::/16 comment=\"defconf: 6bone\" list=bad_ipv6
-  /ipv6 firewall filter
-  add action=accept chain=input comment=\"defconf: accept established,related,untracked\" connection-state=established,related,untracked
-  add action=drop chain=input comment=\"defconf: drop invalid\" connection-state=invalid
-  add action=accept chain=input comment=\"defconf: accept ICMPv6\" protocol=icmpv6
-  add action=accept chain=input comment=\"defconf: accept UDP traceroute\" port=33434-33534 protocol=udp
-  add action=accept chain=input comment=\"defconf: accept DHCPv6-Client prefix delegation.\" dst-port=546 protocol=udp src-address=fe80::/10
-  add action=accept chain=input comment=\"defconf: accept IKE\" dst-port=500,4500 protocol=udp
-  add action=accept chain=input comment=\"defconf: accept ipsec AH\" protocol=ipsec-ah
-  add action=accept chain=input comment=\"defconf: accept ipsec ESP\" protocol=ipsec-esp
-  add action=accept chain=input comment=\"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
-  add action=drop chain=input comment=\"defconf: drop everything else not coming from LAN\" in-interface-list=!LAN
-  add action=accept chain=forward comment=\"defconf: accept established,related,untracked\" connection-state=established,related,untracked
-  add action=drop chain=forward comment=\"defconf: drop invalid\" connection-state=invalid
-  add action=drop chain=forward comment=\"defconf: drop packets with bad src ipv6\" src-address-list=bad_ipv6
-  add action=drop chain=forward comment=\"defconf: drop packets with bad dst ipv6\" dst-address-list=bad_ipv6
-  add action=drop chain=forward comment=\"defconf: rfc4890 drop hop-limit=1\" hop-limit=equal:1 protocol=icmpv6
-  add action=accept chain=forward comment=\"defconf: accept ICMPv6\" protocol=icmpv6
-  add action=accept chain=forward comment=\"defconf: accept HIP\" protocol=139
-  add action=accept chain=forward comment=\"defconf: accept IKE\" dst-port=500,4500 protocol=udp
-  add action=accept chain=forward comment=\"defconf: accept ipsec AH\" protocol=ipsec-ah
-  add action=accept chain=forward comment=\"defconf: accept ipsec ESP\" protocol=ipsec-esp
-  add action=accept chain=forward comment=\"defconf: accept all that matches ipsec policy\" ipsec-policy=in,ipsec
-  add action=drop chain=forward comment=\"defconf: drop everything else not coming from LAN\" in-interface-list=!LAN
-  /snmp
-  set contact=user enabled=yes location=\"Riga, LATIVA\" trap-community=community
-  /system clock
-  set time-zone-name=Europe/Riga
-  /system identity
-  set name=router
-  /system note
-  set show-at-login=no
-  /system routerboard settings
-  set enter-setup-on=delete-key
-  /tool mac-server
-  set allowed-interface-list=LAN
-  /tool mac-server mac-winbox
-  set allowed-interface-list=LAN