diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
new file mode 100755
index 0000000000000000000000000000000000000000..5b533809a8724d423798d7dc16e932639656d3ee
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
@@ -0,0 +1,55 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local site = require "gluon.site"
+
+uci:section('firewall', 'zone', 'mmfd', {
+	name = 'mmfd',
+	input = 'REJECT',
+	output = 'accept',
+	forward = 'REJECT',
+	device = 'mmfd+',
+	log = '1',
+})
+
+uci:section('firewall', 'rule',  'mesh_mmfd', {
+	src = 'mesh',
+	src_ip = 'fe80::/64',
+	dest_port = '27275',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast_ll', {
+	src = 'mesh',
+	src_ip = 'fe80::/64' ,
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mesh_respondd_mcast2', {
+	src = 'mesh',
+	src_ip = site.node_prefix6() or site.prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_ll', {
+	src = 'mmfd',
+	src_ip = 'fe80::/64',
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule',  'mmfd_respondd_mesh', {
+	src = 'mmfd',
+	src_ip = site.node_prefix6() or site.prefix6(),
+	dest_port = '1001',
+	proto = 'udp',
+	target = 'ACCEPT',
+})
+
+uci:save('firewall')
diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
new file mode 100755
index 0000000000000000000000000000000000000000..8e500d16aab21b5ca59e0bb59b0889e92ccdc9a0
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
@@ -0,0 +1,11 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('network', 'interface', 'mmfd', {
+	proto = 'static',
+	ifname = 'mmfd0',
+	ip6addr = 'fe80::1/64'
+})
+
+uci:save('network')