summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoruvok cheetah2024-06-23 12:29:46 +0200
committeruvok cheetah2024-06-23 12:31:06 +0200
commit791a2314b1886d5d1497a8b82e72a6699cda56a3 (patch)
tree6b962c8c14af3c6b9d31925cf3597f1ac672ba66
parent933c1e71ee08e09a2554ca37050213a6b6ae26ad (diff)
Add default blackhole route
RPKI
-rw-r--r--roles/uvok_bird/templates/clearnet.conf.j214
1 files changed, 14 insertions, 0 deletions
diff --git a/roles/uvok_bird/templates/clearnet.conf.j2 b/roles/uvok_bird/templates/clearnet.conf.j2
index 95adec4..7abb0cd 100644
--- a/roles/uvok_bird/templates/clearnet.conf.j2
+++ b/roles/uvok_bird/templates/clearnet.conf.j2
@@ -25,6 +25,16 @@ protocol static myprefix {
};
}
+# blackhole everything else - activates RPKI filter!
+protocol static default6 {
+ route ::/0 reject;
+ ipv6 {
+ table t_myas_trs;
+ import all;
+ export none;
+ };
+}
+
protocol direct {
ipv6 { table t_myas_babel; };
interface "myas_int";
@@ -153,6 +163,10 @@ protocol kernel pk_myas_out {
if (source = RTS_BGP) then {
accept;
}
+ # default route
+ if (source = RTS_STATIC) then {
+ accept;
+ }
{% if uvok_bird_opts.use_fallback %}
if (proto = "myas_def_fallb") then {
accept;