diff --git a/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd b/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd
index b1b28844..e69a9d77 100755
--- a/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd
+++ b/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/320-firewall-l3roamd
@@ -1,6 +1,26 @@
 #!/usr/bin/lua
+
 local uci = require('simple-uci').cursor()
+uci:section('firewall', 'zone', 'l3roamd', {
+ name = 'l3roamd',
+ input = 'ACCEPT',
+ output = 'ACCEPT',
+ forward = 'REJECT',
+ device = 'l3roam+',
+ log = '1',
+})
+
+uci:section('firewall', 'forwarding', 'flc', {
+ src = 'l3roamd',
+ dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fcl', {
+ src = 'loc_client',
+ dest = 'l3roamd',
+})
+
 uci:section('firewall', 'rule', 'mesh_l3roamd', {
 name = 'mesh_l3roamd',
 src = 'mesh',
diff --git a/package/gluon-mesh-babel/Makefile b/package/gluon-mesh-babel/Makefile
index 3abe66df..239d7132 100644
--- a/package/gluon-mesh-babel/Makefile
+++ b/package/gluon-mesh-babel/Makefile
@@ -9,7 +9,7 @@ include ../gluon.mk
 define Package/gluon-mesh-babel
 TITLE:=Babel mesh
- DEPENDS:=+gluon-core +babeld +gluon-mmfd +libiwinfo +libgluonutil +firewall +libjson-c +libnl-tiny +libubus +libubox +libblobmsg-json +libbabelhelper +luabitop
+ DEPENDS:=+gluon-core +babeld +gluon-mesh-layer3-common +libiwinfo +libgluonutil +firewall +libjson-c +libnl-tiny +libubus +libubox +libblobmsg-json +libbabelhelper +luabitop
 PROVIDES:=gluon-mesh-provider
 endef
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall b/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall
index 5f3a8976..09daeba7 100755
--- a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall
+++ b/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/310-gluon-mesh-babel-firewall
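Review bot: In 320-firewall-l3roamd the new `l3roamd` zone sets `input = 'ACCEPT'` for every interface whose name matches `device = 'l3roam+'`, and nothing in the script says why unfiltered input is acceptable on those interfaces. A comment above the zone would record the assumption, for example `-- input is ACCEPT because only node-local traffic is expected on l3roam+ interfaces` (the reason itself needs confirming by the author). The forwardings `flc` and `fcl` also name the zone `loc_client`, which this script does not create, so the package presumably relies on another package to define it; that is worth checking against the package's DEPENDS, which is not part of this hunk. The script continues past the end of the hunk, so whether `uci:save('firewall')` follows is not visible here.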
@@ -1,96 +1,6 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
-local site = require "gluon.site"
-
-uci:section('firewall', 'zone', 'l3roamd', {
- name = 'l3roamd',
- input = 'ACCEPT',
- output = 'ACCEPT',
- forward = 'REJECT',
- device = 'l3roam+',
- log = '1',
-})
-
-uci:section('firewall', 'zone', 'mmfd', {
- name = 'mmfd',
- input = 'REJECT',
- output = 'accept',
- forward = 'REJECT',
- device = 'mmfd+',
- log = '1',
-})
-
--- forwardings and respective rules
-uci:section('firewall', 'forwarding', 'fcc', {
- src = 'loc_client',
- dest = 'loc_client',
-})
-
-uci:section('firewall', 'forwarding', 'fcm', {
- src = 'loc_client',
- dest = 'mesh',
-})
-
-uci:section('firewall', 'forwarding', 'fmc', {
- src = 'mesh',
- dest = 'loc_client',
-})
-
-uci:section('firewall', 'forwarding', 'fmm', {
- src = 'mesh',
- dest = 'mesh',
-})
-
-uci:section('firewall', 'forwarding', 'flc', {
- src = 'l3roamd',
- dest = 'loc_client',
-})
-
-uci:section('firewall', 'forwarding', 'fcl', {
- src = 'loc_client',
- dest = 'l3roamd',
-})
-
-uci:section('firewall', 'rule', 'mesh_respondd_mcast_ll', {
- src = 'mesh',
- src_ip = 'fe80::/64' ,
- dest_port = '1001',
- proto = 'udp',
- target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule', 'mesh_respondd_mcast2', {
- src = 'mesh',
- src_ip = site.node_prefix6(),
- dest_port = '1001',
- proto = 'udp',
- target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule', 'mmfd_respondd_ll', {
- src = 'mmfd',
- src_ip = 'fe80::/64',
- dest_port = '1001',
- proto = 'udp',
- target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule', 'mmfd_respondd_mesh', {
- src = 'mmfd',
- src_ip = site.node_prefix6(),
- dest_port = '1001',
- proto = 'udp',
- target = 'ACCEPT',
-})
-
-uci:section('firewall', 'rule', 'mesh_mmfd', {
- src = 'mesh',
- src_ip = 'fe80::/64',
- dest_port = '27275',
- proto = 'udp',
- target = 'ACCEPT',
-})
 uci:section('firewall', 'rule', 'mesh_babel', {
 src = 'mesh',
diff --git a/package/gluon-mesh-layer3-common/Makefile b/package/gluon-mesh-layer3-common/Makefile
new file mode 100644
index 00000000..45ad2f57
--- /dev/null
+++ b/package/gluon-mesh-layer3-common/Makefile
@@ -0,0 +1,12 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-layer3-common
+
+include ../gluon.mk
+
+define Package/gluon-mesh-layer3-common
+ TITLE:=Layer3 common files
+ DEPENDS:=+gluon-core +gluon-mmfd +firewall
+endef
+
+$(eval $(call BuildPackageGluon,gluon-mesh-layer3-common))
diff --git a/package/gluon-mesh-layer3-common/check_site.lua b/package/gluon-mesh-layer3-common/check_site.lua
new file mode 100644
index 00000000..dd6ee348
--- /dev/null
+++ b/package/gluon-mesh-layer3-common/check_site.lua
@@ -0,0 +1,2 @@
+need_string_match(in_domain({'node_prefix6'}), '^[%x:]+/64$')
+
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/radvd/arguments b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/radvd/arguments
similarity index 100%
rename from package/gluon-mesh-babel/luasrc/lib/gluon/radvd/arguments
rename to package/gluon-mesh-layer3-common/luasrc/lib/gluon/radvd/arguments
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/300-gluon-mesh-babel-ip6 b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/250-layer3-ip6
similarity index 100%
rename from package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/300-gluon-mesh-babel-ip6
rename to package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/250-layer3-ip6
diff --git a/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall
new file mode 100755
index 00000000..b6f53384
--- /dev/null
+++ b/package/gluon-mesh-layer3-common/luasrc/lib/gluon/upgrade/310-layer3-firewall
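Review bot: The pattern `'^[%x:]+/64$'` in gluon-mesh-layer3-common/check_site.lua only requires a run of hex digits and colons followed by `/64`, so values such as `:/64` or a prefix with too many groups pass the site check. Elsewhere in this commit (310-gluon-mmfd-firewall) `node_prefix6` is written into firewall rules as `src_ip`, so a malformed value reaches the firewall configuration unchecked. If a stricter check is not practical with Lua patterns, a comment such as `-- syntax is only loosely checked here; the value is used as src_ip in firewall rules` would at least record the limitation for site maintainers.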
@@ -0,0 +1,25 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:section('firewall', 'forwarding', 'fcc', {
+ src = 'loc_client',
+ dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fcm', {
+ src = 'loc_client',
+ dest = 'mesh',
+})
+
+uci:section('firewall', 'forwarding', 'fmc', {
+ src = 'mesh',
+ dest = 'loc_client',
+})
+
+uci:section('firewall', 'forwarding', 'fmm', {
+ src = 'mesh',
+ dest = 'mesh',
+})
+
+uci:save('firewall')
diff --git a/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
new file mode 100755
index 00000000..5b533809
--- /dev/null
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/310-gluon-mmfd-firewall
@@ -0,0 +1,55 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local site = require "gluon.site"
+
+uci:section('firewall', 'zone', 'mmfd', {
+ name = 'mmfd',
+ input = 'REJECT',
+ output = 'accept',
+ forward = 'REJECT',
+ device = 'mmfd+',
+ log = '1',
+})
+
+uci:section('firewall', 'rule', 'mesh_mmfd', {
+ src = 'mesh',
+ src_ip = 'fe80::/64',
+ dest_port = '27275',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mesh_respondd_mcast_ll', {
+ src = 'mesh',
+ src_ip = 'fe80::/64' ,
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mesh_respondd_mcast2', {
+ src = 'mesh',
+ src_ip = site.node_prefix6() or site.prefix6(),
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mmfd_respondd_ll', {
+ src = 'mmfd',
+ src_ip = 'fe80::/64',
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'mmfd_respondd_mesh', {
+ src = 'mmfd',
+ src_ip = site.node_prefix6() or site.prefix6(),
+ dest_port = '1001',
+ proto = 'udp',
+ target = 'ACCEPT',
+})
+
+uci:save('firewall')
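Review bot: 310-layer3-firewall carries no comment explaining its four forwardings, and the section names `fcc`, `fcm`, `fmc` and `fmm` do not explain themselves; the file they were moved from at least had `-- forwardings and respective rules`. Taken together they allow forwarding within and between `loc_client` and `mesh` in both directions, so any filtering between clients and the mesh has to come from rules defined elsewhere. I would add a header comment such as `-- allow forwarding within and between the loc_client and mesh zones; both zones are created outside this script`, so a reader auditing the firewall knows where to look for the zone policy.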
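Review bot: In `mesh_respondd_mcast2` and `mmfd_respondd_mesh` of 310-gluon-mmfd-firewall, `src_ip = site.node_prefix6() or site.prefix6()` evaluates to nil when neither prefix is configured, and a nil field is simply absent from the Lua table, so the rule would then be written without `src_ip` and accept UDP port 1001 from any source address in the zone. The `node_prefix6` site check added in this commit lives in gluon-mesh-layer3-common, which depends on gluon-mmfd and not the other way round, so this script cannot rely on it. I would resolve the prefix once and create the two rules only when it is set, removing the sections otherwise, as sketched below (assuming the cursor's `delete` is acceptable in upgrade scripts here). Separately, `output = 'accept'` in the `mmfd` zone is lower-case while every other target in the file is upper-case; `output = 'ACCEPT',` would be consistent.

```lua
local respondd_prefix = site.node_prefix6() or site.prefix6()

-- … unchanged: mmfd zone, mesh_mmfd, mesh_respondd_mcast_ll, mmfd_respondd_ll …

for _, rule in ipairs({
	{ 'mesh_respondd_mcast2', 'mesh' },
	{ 'mmfd_respondd_mesh', 'mmfd' },
}) do
	local name, zone = rule[1], rule[2]
	if respondd_prefix then
		uci:section('firewall', 'rule', name, {
			src = zone,
			src_ip = respondd_prefix,
			dest_port = '1001',
			proto = 'udp',
			target = 'ACCEPT',
		})
	else
		-- no prefix configured: do not leave an ACCEPT rule without a source restriction
		uci:delete('firewall', name)
	end
end

-- … unchanged: uci:save('firewall') …
```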
diff --git a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
similarity index 99%
rename from package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface
rename to package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
index 073d288e..8e500d16 100755
--- a/package/gluon-mesh-babel/luasrc/lib/gluon/upgrade/430-gluon-mesh-babel-add-mmfd-interface
+++ b/package/gluon-mmfd/luasrc/lib/gluon/upgrade/430-gluon-mmfd-interface
@@ -7,4 +7,5 @@ uci:section('network', 'interface', 'mmfd', {
 ifname = 'mmfd0',
 ip6addr = 'fe80::1/64'
 })
+
 uci:save('network')