diff --git a/openwrt-configure.sh b/openwrt-configure.sh
index 53cc0e9..36bfae8 100644
--- a/openwrt-configure.sh
+++ b/openwrt-configure.sh
@@ -8,7 +8,7 @@ CRYPTO_LIB=${CRYPTO_LIB:-'openssl'}
COMMAND="opkg update"
if [[ "$FULL_WPAD" =~ yes|Yes ]]; then
- COMMAND="$COMMAND; opkg remove wpad-basic-wolfssl;"
+ COMMAND="$COMMAND; opkg remove wpad-basic-wolfssl"
COMMAND="$COMMAND; opkg remove wpad-basic-mbedtls; opkg install wpad-$CRYPTO_LIB"
fi
diff --git a/settings-configs/4A/bridger b/settings-configs/4A/bridger
new file mode 100644
index 0000000..cb43def
--- /dev/null
+++ b/settings-configs/4A/bridger
@@ -0,0 +1,3 @@
+config defaults
+ # example for blacklisting individual devices or bridges
+ # list blacklist eth0
diff --git a/settings-configs/4A/collectd b/settings-configs/4A/collectd
index 091dd9a..0757882 100644
--- a/settings-configs/4A/collectd
+++ b/settings-configs/4A/collectd
@@ -188,7 +188,8 @@ config globals 'globals'
#config plugin 'tcpconns'
# option enable '0'
-# list ListeningPort '0'
+# option ListeningPorts '0'
+# option AllPortsSummary '0'
# list LocalPort '22'
# list LocalPort '80'
diff --git a/settings-configs/4A/collectd.conf b/settings-configs/4A/collectd.conf
new file mode 100644
index 0000000..fca4826
--- /dev/null
+++ b/settings-configs/4A/collectd.conf
@@ -0,0 +1,44 @@
+BaseDir "/var/run/collectd"
+Include "/etc/collectd/conf.d/*.conf"
+PIDFile "/var/run/collectd.pid"
+PluginDir "/usr/lib/collectd"
+TypesDB "/usr/share/collectd/types.db"
+Interval 30
+ReadThreads 2
+
+
+LoadPlugin iwinfo
+
+LoadPlugin memory
+
+ ValuesPercentage false
+ ValuesAbsolute true
+
+
+LoadPlugin cpu
+
+ ValuesPercentage true
+ ReportByCpu true
+ ReportByState true
+
+
+LoadPlugin load
+
+LoadPlugin rrdtool
+
+ DataDir "/mnt/rrd"
+ RRARows 288
+ RRASingle true
+ RRATimespan 7200
+ RRATimespan 86400
+ RRATimespan 604800
+ RRATimespan 2678400
+ RRATimespan 31622400
+
+
+LoadPlugin interface
+
+ IgnoreSelected false
+ Interface "br-lan"
+
+
diff --git a/settings-configs/4A/firewall b/settings-configs/4A/firewall
new file mode 100644
index 0000000..36d8ad4
--- /dev/null
+++ b/settings-configs/4A/firewall
@@ -0,0 +1,123 @@
+
+config defaults
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option synflood_protect '1'
+ option flow_offloading '1'
+ option flow_offloading_hw '1'
+
+config zone
+ option name 'lan'
+ list network 'lan'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'ACCEPT'
+
+config zone
+ option name 'wan'
+ list network 'wan'
+ list network 'wan6'
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option masq '1'
+ option mtu_fix '1'
+
+config forwarding
+ option src 'lan'
+ option dest 'wan'
+
+config rule
+ option name 'Allow-DHCP-Renew'
+ option src 'wan'
+ option proto 'udp'
+ option dest_port '68'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Ping'
+ option src 'wan'
+ option proto 'icmp'
+ option icmp_type 'echo-request'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-IGMP'
+ option src 'wan'
+ option proto 'igmp'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-DHCPv6'
+ option src 'wan'
+ option proto 'udp'
+ option dest_port '546'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-MLD'
+ option src 'wan'
+ option proto 'icmp'
+ option src_ip 'fe80::/10'
+ list icmp_type '130/0'
+ list icmp_type '131/0'
+ list icmp_type '132/0'
+ list icmp_type '143/0'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Input'
+ option src 'wan'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ list icmp_type 'router-solicitation'
+ list icmp_type 'neighbour-solicitation'
+ list icmp_type 'router-advertisement'
+ list icmp_type 'neighbour-advertisement'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Forward'
+ option src 'wan'
+ option dest '*'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-IPSec-ESP'
+ option src 'wan'
+ option dest 'lan'
+ option proto 'esp'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ISAKMP'
+ option src 'wan'
+ option dest 'lan'
+ option dest_port '500'
+ option proto 'udp'
+ option target 'ACCEPT'
+
diff --git a/settings-configs/4A/irqbalance b/settings-configs/4A/irqbalance
deleted file mode 100644
index 41dfde6..0000000
--- a/settings-configs/4A/irqbalance
+++ /dev/null
@@ -1,14 +0,0 @@
-config irqbalance 'irqbalance'
- option enabled '1'
-
- # Level at which irqbalance partitions cache domains.
- # Default is 2 (L2$).
- #option deepestcache '2'
-
- # The default value is 10 seconds
- #option interval '10'
-
- # List of IRQ's to ignore
- #list banirq '36'
- #list banirq '69'
-
diff --git a/settings-configs/4A/network b/settings-configs/4A/network
new file mode 100644
index 0000000..80e0b98
--- /dev/null
+++ b/settings-configs/4A/network
@@ -0,0 +1,41 @@
+
+config interface 'loopback'
+ option device 'lo'
+ option proto 'static'
+ option ipaddr '127.0.0.1'
+ option netmask '255.0.0.0'
+
+config globals 'globals'
+ option ula_prefix 'fd32:d110:fda5::/48'
+ option packet_steering '1'
+
+config device
+ option name 'br-lan'
+ option type 'bridge'
+ list ports 'lan1'
+ list ports 'lan2'
+ option igmp_snooping '1'
+
+config interface 'lan'
+ option device 'br-lan'
+ option proto 'static'
+ option ipaddr '192.168.88.2'
+ option netmask '255.255.255.0'
+ option ip6assign '60'
+ option gateway '192.168.88.1'
+ list dns '192.168.88.1'
+ list dns '1.1.1.1'
+ list dns '8.8.8.8'
+
+config interface 'wan'
+ option device 'wan'
+ option proto 'dhcp'
+ option auto '0'
+
+config interface 'wan6'
+ option device 'wan'
+ option proto 'dhcpv6'
+ option auto '0'
+ option reqaddress 'try'
+ option reqprefix 'auto'
+
diff --git a/settings-configs/4A/wireless b/settings-configs/4A/wireless
index 1e6a016..66a3806 100644
--- a/settings-configs/4A/wireless
+++ b/settings-configs/4A/wireless
@@ -9,6 +9,7 @@ config wifi-device 'radio0'
option country 'PL'
option cell_density '0'
option noscan '1'
+ option log_level '0'
config wifi-iface 'default_radio0'
option device 'radio0'
@@ -17,17 +18,27 @@ config wifi-iface 'default_radio0'
option ssid 'MyNetwork_2G'
option encryption 'psk2'
option key 'mypassword1234'
+ option ieee80211r '1'
+ option nasid '4a-2'
+ option mobility_domain 'abab'
+ option ft_over_ds '1'
+ option ft_psk_generate_local '1'
+ option ieee80211k '1'
+ option wnm_sleep_mode '1'
+ option bss_transition '1'
+ option macfilter 'deny'
+ list maclist '38:1f:8d:4c:6a:b5'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
- option channel '124'
option band '5g'
option htmode 'VHT80'
option country 'PL'
option txpower '18'
option cell_density '0'
- option log_level '1'
+ option log_level '0'
+ option channel '140'
config wifi-iface 'default_radio1'
option device 'radio1'
@@ -36,11 +47,11 @@ config wifi-iface 'default_radio1'
option ssid 'MyNetwork'
option encryption 'psk2'
option key 'mypassword1234'
- option ieee80211r '1'
option nasid '4a-5'
option mobility_domain 'abab'
option ft_over_ds '1'
option ft_psk_generate_local '1'
+ option ieee80211r '1'
option ieee80211k '1'
option ieee80211v '1'
option bss_transition '1'
@@ -52,8 +63,11 @@ config wifi-iface 'wifinet3'
option mode 'ap'
option ssid 'MyNetwork_iot'
option encryption 'psk2'
+ option disassoc_low_ack '0'
option key 'mypassword1234'
- option network 'lan'
+ option ieee80211k '1'
+ option wnm_sleep_mode '1'
option bss_transition '1'
+ option network 'lan'
option disabled '1'