Last active
February 26, 2020 22:23
-
-
Save hfuller/cd30ae371740e8596c2c7150b4248501 to your computer and use it in GitHub Desktop.
DN42 routing filters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 ;;; Accept DN42 prefixes (next 2 lines) | |
| chain=dn42-in prefix=172.20.0.0/14 prefix-length=14-32 invert-match=no action=accept set-bgp-prepend-path="" | |
| 1 chain=dn42-in prefix=fd00::/8 prefix-length=32-128 invert-match=no action=accept set-bgp-prepend-path="" | |
| 2 ;;; Keep ChaosVPN in RIB not FIB (next 2 lines) | |
| chain=dn42-in prefix=172.31.0.0/16 prefix-length=16-32 invert-match=no action=reject set-bgp-prepend-path="" | |
| 3 chain=dn42-in prefix=10.0.0.0/8 prefix-length=8-32 invert-match=no action=reject set-bgp-prepend-path="" | |
| 4 ;;; Don't install anything else anywhere | |
| chain=dn42-in invert-match=no action=discard set-bgp-prepend-path="" | |
| 5 ;;; Dont pass work prefixes to dn42 peers (next 2 lines) | |
| chain=dn42-out match-chain=uah-prefixes invert-match=no action=reject set-bgp-prepend-path="" | |
| 6 chain=dn42-out match-chain=ace-prefixes invert-match=no action=reject set-bgp-prepend-path="" | |
| 7 ;;; Distribute DN42 space we learned via BGP (next 2 lines) | |
| chain=dn42-out prefix=172.20.0.0/14 prefix-length=14-32 protocol=bgp invert-match=no action=accept set-bgp-prepend-path="" | |
| 8 chain=dn42-out prefix=fd00::/8 prefix-length=32-128 protocol=bgp invert-match=no action=accept set-bgp-prepend-path="" | |
| 9 ;;; Distribute ChaosVPN we learned via BGP (next 2 lines) | |
| chain=dn42-out prefix=172.31.0.0/16 prefix-length=16-32 protocol=bgp invert-match=no action=accept set-bgp-prepend-path="" | |
| 10 chain=dn42-out prefix=10.0.0.0/8 prefix-length=8-32 protocol=bgp invert-match=no action=accept set-bgp-prepend-path="" | |
| 11 ;;; Default do not distribute | |
| chain=dn42-out invert-match=no action=reject set-bgp-prepend-path="" | |
| 12 ;;; Dont send this loopback for friends because it's used to build the GRE tunnels on which we run bgp! | |
| chain=friends-out prefix=192.168.15.17 prefix-length=32 invert-match=no action=discard set-bgp-prepend-path="" | |
| 13 ;;; Also don't send point-to-point links and loopbacks | |
| chain=friends-out prefix-length=30-32 address-family=ip invert-match=no action=discard set-bgp-prepend-path="" | |
| 14 ;;; Send my home networks. | |
| chain=friends-out prefix=192.168.0.0/16 prefix-length=16-32 invert-match=no action=accept set-bgp-prepend-path="" | |
| 15 ;;; Send my dn42 home prefix | |
| chain=friends-out prefix=172.23.163.128/27 prefix-length=27 invert-match=no action=accept set-bgp-prepend-path="" | |
| 16 ;;; Send DN42 to friends | |
| chain=friends-out match-chain=dn42-out invert-match=no action=accept set-bgp-prepend-path="" | |
| 17 ;;; DEFAULT DO NOT SEND to friends | |
| chain=friends-out invert-match=no action=discard set-bgp-prepend-path="" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment