BGP routing filter ROS7

bgp-filter.txt

Replace $PREFIX-v4 and $PREFIX-v6 with your prefixes (eg. 192.0.2.0/24)
Replace $LEIGHT with the length of your prefix (eg. 24)


chain=BGP-IN-v4 rule="if ( dst==$PREFIX-v4 ) { reject }" 
chain=BGP-IN-v4 rule="if ( dst==192.168.0.0/16) { reject }" 
chain=BGP-IN-v4 rule="if ( dst==127.0.0.0/8) { reject }" 
chain=BGP-IN-v4 rule="if ( dst==10.0.0.0/8 ) { reject }" 
chain=BGP-IN-v4 rule="if ( dst==169.254.0.0/16) { reject }" 
chain=BGP-IN-v4 rule="if ( dst==172.16.0.0/12 ) { reject }" 
chain=BGP-IN-v4 rule="if ( dst==224.0.0.0/3 ) { reject }" 
chain=BGP-IN-v4 rule="if ( dst-len > 24 ) { reject }" 
chain=BGP-IN-v4 rule="accept" 

chain=BGP-OUT-v4 rule="if (dst in $PREFIX-v4 && dst-len == $LEIGHT) { accept; } " 

chain=BGP-IN-v6 rule="if ( dst==$PREFIX-v6 ) { reject }" 
chain=BGP-IN-v6 rule="if ( dst==fe80::/10) { reject }" 
chain=BGP-IN-v6 rule="if ( dst==ff00::/8 ) { reject }" 
chain=BGP-IN-v6 rule="if ( dst==fc00::/7) { reject }" 
chain=BGP-IN-v6 rule="if ( dst-len > 48 ) { reject }" 
chain=BGP-IN-v6 rule="accept" 

chain=BGP-OUT-v6 rule="if (dst in $PREFIX-v6 && dst-len == $LEIGHT) { accept; } "