|
@ -1,4 +1,4 @@ |
|
|
# $OpenBSD: bgpd.conf,v 1.15 2018/11/17 17:22:38 deraadt Exp $ |
|
|
|
|
|
|
|
|
# $OpenBSD: bgpd.conf,v 1.16 2019/11/29 03:42:10 deraadt Exp $ |
|
|
# example bgpd configuration file, see bgpd.conf(5) |
|
|
# example bgpd configuration file, see bgpd.conf(5) |
|
|
|
|
|
|
|
|
# define our own ASN as a macro |
|
|
# define our own ASN as a macro |
|
@ -14,6 +14,8 @@ prefix-set mynetworks { \ |
|
|
2001:db8:abcd::/48 \ |
|
|
2001:db8:abcd::/48 \ |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
include "/var/db/rpki-client/roa" |
|
|
|
|
|
|
|
|
# define bogon prefixes which should not be part of the DFZ |
|
|
# define bogon prefixes which should not be part of the DFZ |
|
|
prefix-set bogons { |
|
|
prefix-set bogons { |
|
|
0.0.0.0/8 or-longer # 'this' network [RFC1122] |
|
|
0.0.0.0/8 or-longer # 'this' network [RFC1122] |
|
@ -116,6 +118,9 @@ match from any community GRACEFUL_SHUTDOWN set { localpref 0 } |
|
|
|
|
|
|
|
|
deny quick from any prefix-set bogons |
|
|
deny quick from any prefix-set bogons |
|
|
|
|
|
|
|
|
|
|
|
# deny RPKI invalid, built by rpki-client(8), see root crontab |
|
|
|
|
|
deny quick from ebgp ovs invalid |
|
|
|
|
|
|
|
|
# filter bogon AS numbers |
|
|
# filter bogon AS numbers |
|
|
# AS_TRANS (23456) is not supposed to show up in any path and indicates a |
|
|
# AS_TRANS (23456) is not supposed to show up in any path and indicates a |
|
|
# missconfiguration. Additionally Private or Reserved ASNs have no place in |
|
|
# missconfiguration. Additionally Private or Reserved ASNs have no place in |
|
|