Browse Source

Import /var/db/rpki-client/roa and filter

discussed at length with claudio and benno
OPENBSD_6_7
deraadt 5 years ago
parent
commit
8eb27cfbce
1 changed files with 6 additions and 1 deletions
  1. +6
    -1
      src/etc/examples/bgpd.conf

+ 6
- 1
src/etc/examples/bgpd.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: bgpd.conf,v 1.15 2018/11/17 17:22:38 deraadt Exp $
# $OpenBSD: bgpd.conf,v 1.16 2019/11/29 03:42:10 deraadt Exp $
# example bgpd configuration file, see bgpd.conf(5) # example bgpd configuration file, see bgpd.conf(5)
# define our own ASN as a macro # define our own ASN as a macro
@ -14,6 +14,8 @@ prefix-set mynetworks { \
2001:db8:abcd::/48 \ 2001:db8:abcd::/48 \
} }
include "/var/db/rpki-client/roa"
# define bogon prefixes which should not be part of the DFZ # define bogon prefixes which should not be part of the DFZ
prefix-set bogons { prefix-set bogons {
0.0.0.0/8 or-longer # 'this' network [RFC1122] 0.0.0.0/8 or-longer # 'this' network [RFC1122]
@ -116,6 +118,9 @@ match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
deny quick from any prefix-set bogons deny quick from any prefix-set bogons
# deny RPKI invalid, built by rpki-client(8), see root crontab
deny quick from ebgp ovs invalid
# filter bogon AS numbers # filter bogon AS numbers
# AS_TRANS (23456) is not supposed to show up in any path and indicates a # AS_TRANS (23456) is not supposed to show up in any path and indicates a
# missconfiguration. Additionally Private or Reserved ASNs have no place in # missconfiguration. Additionally Private or Reserved ASNs have no place in


Loading…
Cancel
Save