Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4060 Commits
49 Branches
132 MiB
 
 
 
 
 
 
Tree: 2f3df13003
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2f3df13003'
${ noResults }
openntpd-openbsd/src/etc/bgpd.conf

91 lines
1.9 KiB
Raw Blame History

# $OpenBSD: bgpd.conf,v 1.7 2004/10/01 15:12:16 henning Exp $
# sample bgpd configuration file
# see bgpd.conf(5)
#macros
peer1="10.1.0.2"
peer2="10.1.0.3"
# global configuration
AS 65001
router-id 10.0.0.1
# holdtime 180
# holdtime min 3
# listen on 127.0.0.1
# listen on ::1
# fib-update no
# route-collector no
# log updates
# network 10.0.1.0/24
# neighbors and peers
group "peering AS65002" {
remote-as 65002
neighbor $peer1 {
descr "AS 65001 peer 1"
announce self
tcp md5sig password mekmitasdigoat
}
neighbor $peer2 {
descr "AS 65001 peer 2"
announce all
local-address 10.0.0.8
ipsec esp ike
}
}
group "peering AS65042" {
descr "peering AS 65042"
local-address 10.0.0.8
ipsec ah ike
neighbor 10.2.0.1
neighbor 10.2.0.2
}
neighbor 10.0.1.0 {
remote-as 65003
descr upstream
multihop 2
local-address 10.0.0.8
passive
holdtime 180
holdtime min 3
announce none
tcp md5sig key deadbeef
}
neighbor 10.0.2.0 {
remote-as 65004
descr upstream2
local-address 10.0.0.8
ipsec ah ike
}
neighbor 10.0.0.0/24 {
descr "template for local peers"
}
neighbor 10.2.1.1 {
remote-as 65023
local-address 10.0.0.8
ipsec esp in spi 10 sha1 0a4f1d1f1a1c4f3c9e2f6f0f2a8e9c8c5a1b0b3b \
aes 0c1b3a6c7d7a8d2e0e7b4f3d5e8e6c1e
ipsec esp out spi 12 sha1 0e9c8f6a8e2c7d3a0b5d0d0f0a3c5c1d2b8e0f8b \
aes 4e0f2f1b5c4e3c0d0e2f2d3b8c5c8f0b
}
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any prefixlen 8 - 24
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4