Browse Source

Add operators =, !=, - (range), >< (exclsive range) to the as-path

filters (AS, peer-as, source-as, transit-as).
Add a use case (block illegal AS numbers) to the bgpd.conf example.
feedback from claudio, sthen, florian,
ok florian@ phessler@
OPENBSD_6_0
benno 8 years ago
parent
commit
caa98a6441
1 changed files with 12 additions and 1 deletions
  1. +12
    -1
      src/etc/examples/bgpd.conf

+ 12
- 1
src/etc/examples/bgpd.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: bgpd.conf,v 1.3 2015/09/11 18:59:00 sthen Exp $
# $OpenBSD: bgpd.conf,v 1.4 2016/06/03 17:36:37 benno Exp $
# sample bgpd configuration file # sample bgpd configuration file
# see bgpd.conf(5) # see bgpd.conf(5)
@ -119,3 +119,14 @@ deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast
deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast
deny from any prefix ff00::/8 prefixlen >= 8 # multicast deny from any prefix ff00::/8 prefixlen >= 8 # multicast
# filter bogon AS numbers
# http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
deny from any AS 23456 # AS_TRANS
deny from any AS 64496 - 64511 # Reserved for use in docs and code RFC5398
deny from any AS 64512 - 65534 # Reserved for Private Use RFC6996
deny from any AS 65535 # Reserved RFC7300
deny from any AS 65536 - 65551 # Reserved for use in docs and code RFC5398
deny from any AS 65552 - 131071 # Reserved
deny from any AS 4200000000 - 4294967294 # Reserved for Private Use RFC6996
deny from any AS 4294967295 # Reserved RFC7300

Loading…
Cancel
Save