|
|
|
@ -1,4 +1,4 @@ |
|
|
|
# $OpenBSD: bgpd.conf,v 1.3 2004/02/07 20:03:30 henning Exp $ |
|
|
|
# $OpenBSD: bgpd.conf,v 1.4 2004/05/05 15:25:04 henning Exp $ |
|
|
|
# sample bgpd configuration file |
|
|
|
# see bgpd.conf(5) |
|
|
|
|
|
|
|
@ -42,3 +42,18 @@ neighbor 10.0.1.0 { |
|
|
|
tcp md5sig key deadbeef |
|
|
|
} |
|
|
|
|
|
|
|
# filter out prefixes longer than 24 or shorter than 8 bits |
|
|
|
deny from any |
|
|
|
allow from any prefixlen 8 - 24 |
|
|
|
|
|
|
|
# do not accept a default route |
|
|
|
deny from any prefix 0.0.0.0/0 |
|
|
|
|
|
|
|
# filter bogus networks |
|
|
|
deny from any prefix 10.0.0.0/8 prefixlen >= 8 |
|
|
|
deny from any prefix 172.16.0.0/12 prefixlen >= 12 |
|
|
|
deny from any prefix 192.168.0.0/16 prefixlen >= 16 |
|
|
|
deny from any prefix 169.254.0.0/16 prefixlen >= 16 |
|
|
|
deny from any prefix 192.0.2.0/24 prefixlen >= 24 |
|
|
|
deny from any prefix 224.0.0.0/4 prefixlen >= 4 |
|
|
|
deny from any prefix 240.0.0.0/4 prefixlen >= 4 |
henning
20 years ago