Update AX3200 router settings

settings-configs/AX3200/collectd

@@ -188,7 +188,8 @@ config globals 'globals'
 
 #config plugin 'tcpconns'
 #	option enable '0'
-#	list ListeningPort '0'
+#	option ListeningPorts '0'
+#	option AllPortsSummary '0'
 #	list LocalPort '22'
 #	list LocalPort '80'
 

settings-configs/AX3200/collectd.conf

@@ -0,0 +1,60 @@
+BaseDir "/var/run/collectd"
+Include "/etc/collectd/conf.d/*.conf"
+PIDFile "/var/run/collectd.pid"
+PluginDir "/usr/lib/collectd"
+TypesDB "/usr/share/collectd/types.db"
+Interval 30
+ReadThreads 2
+
+LoadPlugin cpu
+<Plugin cpu>
+	ValuesPercentage true
+	ReportByCpu true
+	ReportByState true
+</Plugin>
+
+LoadPlugin dns
+<Plugin dns>
+	Interface "br-lan"
+	IgnoreSource "127.0.0.1"
+</Plugin>
+
+LoadPlugin interface
+<Plugin interface>
+	IgnoreSelected false
+	Interface "br-lan"
+</Plugin>
+
+LoadPlugin irq
+<Plugin irq>
+	Irq "2"
+	Irq "3"
+	Irq "4"
+	Irq "7"
+</Plugin>
+
+LoadPlugin iwinfo
+
+LoadPlugin load
+
+LoadPlugin memory
+<Plugin memory>
+	ValuesPercentage false
+	ValuesAbsolute true
+</Plugin>
+
+LoadPlugin rrdtool
+<Plugin rrdtool>
+	DataDir "/mnt/rrd"
+	RRARows 288
+	RRASingle true
+</Plugin>
+
+LoadPlugin sensors
+<Plugin sensors>
+	Sensor "mt7615_phy0-isa-18000000/temperature-temp1"
+	Sensor "mt7915_phy1-pci-0100/temperature-temp1"
+</Plugin>
+
+LoadPlugin thermal
+

settings-configs/AX3200/dhcp

@@ -0,0 +1,45 @@
+
+config dnsmasq
+	option domainneeded '1'
+	option localise_queries '1'
+	option rebind_protection '1'
+	option rebind_localhost '1'
+	option local '/lan/'
+	option domain 'lan'
+	option expandhosts '1'
+	option cachesize '2500'
+	option authoritative '1'
+	option readethers '1'
+	option leasefile '/tmp/dhcp.leases'
+	option localservice '1'
+	option ednspacket_max '1232'
+	option doh_backup_noresolv '-1'
+	option noresolv '1'
+	list doh_backup_server '127.0.0.1#5053'
+	list doh_backup_server '127.0.0.1#5054'
+	list doh_backup_server '127.0.0.1#5055'
+	list server '127.0.0.1#5053'
+	list server '127.0.0.1#5054'
+	list server '127.0.0.1#5055'
+
+config dhcp 'lan'
+	option interface 'lan'
+	option start '100'
+	option limit '150'
+	option leasetime '12h'
+	option dhcpv4 'server'
+	option dhcpv6 'server'
+	option ra 'server'
+	option ra_slaac '1'
+	list ra_flags 'managed-config'
+	list ra_flags 'other-config'
+
+config odhcpd 'odhcpd'
+	option maindhcp '0'
+	option leasefile '/tmp/hosts/odhcpd'
+	option leasetrigger '/usr/sbin/odhcpd-update'
+	option loglevel '4'
+
+config dhcp 'wan'
+	option interface 'wan'
+	option ignore '1'

settings-configs/AX3200/firewall

@@ -0,0 +1,143 @@
+
+config defaults
+	option input 'ACCEPT'
+	option output 'ACCEPT'
+	option forward 'REJECT'
+	option synflood_protect '1'
+	option flow_offloading '1'
+	option flow_offloading_hw '1'
+
+config zone 'lan'
+	option name 'lan'
+	option input 'ACCEPT'
+	option output 'ACCEPT'
+	option forward 'ACCEPT'
+	option network 'lan'
+
+config zone 'wan'
+	option name 'wan'
+	option input 'REJECT'
+	option output 'ACCEPT'
+	option forward 'REJECT'
+	option masq '1'
+	option mtu_fix '1'
+	list network 'wan'
+	list network 'wan6'
+
+config forwarding
+	option src 'lan'
+	option dest 'wan'
+
+config rule
+	option name 'Allow-DHCP-Renew'
+	option src 'wan'
+	option proto 'udp'
+	option dest_port '68'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
+config rule
+	option name 'Allow-Ping'
+	option src 'wan'
+	option proto 'icmp'
+	option icmp_type 'echo-request'
+	option family 'ipv4'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-IGMP'
+	option src 'wan'
+	option proto 'igmp'
+	option family 'ipv4'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-DHCPv6'
+	option src 'wan'
+	option proto 'udp'
+	option dest_port '546'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-MLD'
+	option src 'wan'
+	option proto 'icmp'
+	option src_ip 'fe80::/10'
+	list icmp_type '130/0'
+	list icmp_type '131/0'
+	list icmp_type '132/0'
+	list icmp_type '143/0'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-ICMPv6-Input'
+	option src 'wan'
+	option proto 'icmp'
+	list icmp_type 'echo-request'
+	list icmp_type 'echo-reply'
+	list icmp_type 'destination-unreachable'
+	list icmp_type 'packet-too-big'
+	list icmp_type 'time-exceeded'
+	list icmp_type 'bad-header'
+	list icmp_type 'unknown-header-type'
+	list icmp_type 'router-solicitation'
+	list icmp_type 'neighbour-solicitation'
+	list icmp_type 'router-advertisement'
+	list icmp_type 'neighbour-advertisement'
+	option limit '1000/sec'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-ICMPv6-Forward'
+	option src 'wan'
+	option dest '*'
+	option proto 'icmp'
+	list icmp_type 'echo-request'
+	list icmp_type 'echo-reply'
+	list icmp_type 'destination-unreachable'
+	list icmp_type 'packet-too-big'
+	list icmp_type 'time-exceeded'
+	list icmp_type 'bad-header'
+	list icmp_type 'unknown-header-type'
+	option limit '1000/sec'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-IPSec-ESP'
+	option src 'wan'
+	option dest 'lan'
+	option proto 'esp'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-ISAKMP'
+	option src 'wan'
+	option dest 'lan'
+	option dest_port '500'
+	option proto 'udp'
+	option target 'ACCEPT'
+
+config redirect
+	option dest 'lan'
+	option target 'DNAT'
+	option name 'test'
+	option src 'wan'
+	option src_dport '3000'
+	option dest_ip '192.168.88.247'
+	option dest_port '3000'
+	option enabled '0'
+
+config redirect
+	option dest 'lan'
+	option target 'DNAT'
+	option name 'iperf3'
+	option src 'wan'
+	option src_dport '29418'
+	option dest_ip '192.168.88.100'
+	option dest_port '29418'
+	option enabled '0'
+

settings-configs/AX3200/https-dns-proxy

@@ -9,7 +9,7 @@ config main 'config'
 config https-dns-proxy
 	option resolver_url 'https://cloudflare-dns.com/dns-query'
 	option listen_addr '127.0.0.1'
-	option listen_port '5054'
+	option listen_port '5053'
 	option user 'nobody'
 	option group 'nogroup'
 	option bootstrap_dns '1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001'
@@ -17,7 +17,7 @@ config https-dns-proxy
 config https-dns-proxy
 	option resolver_url 'https://dns.google/dns-query'
 	option listen_addr '127.0.0.1'
-	option listen_port '5053'
+	option listen_port '5054'
 	option user 'nobody'
 	option group 'nogroup'
 	option bootstrap_dns '8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844'

settings-configs/AX3200/irqbalance

@@ -1,10 +0,0 @@
-config irqbalance 'irqbalance'
-	option enabled '1'
-
-	# The default value is 10 seconds
-	#option interval '10'
-
-	# List of IRQ's to ignore
-	#list banirq '36'
-	#list banirq '69'
-

settings-configs/AX3200/network

@@ -0,0 +1,49 @@
+
+config interface 'loopback'
+	option device 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config globals 'globals'
+	option packet_steering '1'
+
+config device
+	option name 'br-lan'
+	option type 'bridge'
+	list ports 'lan1'
+	list ports 'lan2'
+	list ports 'lan3'
+	option igmp_snooping '1'
+	option stp '1'
+
+config interface 'lan'
+	option device 'br-lan'
+	option proto 'static'
+	option netmask '255.255.255.0'
+	option ip6assign '60'
+	option ipaddr '192.168.88.1'
+	option ipv6 '0'
+	option delegate '0'
+
+config device
+	option name 'wan'
+	option macaddr '5c:02:14:30:1e:5a'
+
+config interface 'wan'
+	option device 'wan'
+	option proto 'dhcp'
+	option peerdns '0'
+	list dns '1.1.1.1'
+	list dns '8.8.8.8'
+	list dns '9.9.9.9'
+	option ipv6 '0'
+
+config interface 'wan6'
+	option device 'wan'
+	option proto 'dhcpv6'
+	option reqaddress 'try'
+	option reqprefix 'auto'
+	option peerdns '0'
+	list dns '2606:4700:4700::1111'
+	list dns '2001:4860:4860::8888'

settings-configs/AX3200/sqm

@@ -1,13 +1,15 @@
+# https://www.waveform.com/tools/bufferbloat?test-id=992b05f5-5e29-494e-b39d-dfa12c67c157
+# With this settings, result is A+ in bufferbloat test with enabled SW+HW offload
 
 config queue 'eth1'
 	option enabled '1'
 	option interface 'wan'
-	option download '880000'
-	option upload '880000'
-	option qdisc 'cake'
+	option download '840000'
+	option upload '840000'
+	option qdisc 'fq_codel'
 	option script 'simplest_tbf.qos'
 	option linklayer 'ethernet'
-	option debug_logging '1'
+	option debug_logging '0'
 	option verbosity '5'
 	option overhead '44'
 	option linklayer_advanced '1'

settings-configs/AX3200/wireless

@@ -17,6 +17,11 @@ config wifi-iface 'default_radio0'
 	option ssid 'MyNetwork_2G'
 	option encryption 'psk2'
 	option key 'mypassword1234'
+	option wnm_sleep_mode '1'
+	option bss_transition '1'
+	option ieee80211k '1'
+	option macfilter 'deny'
+	list maclist '38:1f:8d:4c:6a:b5'
 
 config wifi-device 'radio1'
 	option type 'mac80211'
@@ -25,7 +30,7 @@ config wifi-device 'radio1'
 	option band '5g'
 	option htmode 'HE160'
 	option country 'PL'
-	option txpower '23'
+	option txpower '24'
 	option cell_density '0'
 	option log_level '1'
 
@@ -56,4 +61,6 @@ config wifi-iface 'wifinet3'
 	option network 'lan'
 	option bss_transition '1'
 	option disassoc_low_ack '0'
+	option wnm_sleep_mode '1'
+	option multicast_to_unicast '1'