authoruvok cheetah2024-06-26 18:46:34 +0200
committeruvok cheetah2024-06-26 18:46:34 +0200
commitd32136a486a12680c5795a41e4250acfc81155d6 (patch)
treeafa7002c23eac090815d507ab84ba5219dd849b9
parent3690ccbe4a7eb6b4e79591b07905813112fe9d49 (diff)
Use quantum-labs bogons
-rw-r--r--roles/uvok_bird/files/clear_filters.conf75
1 files changed, 53 insertions, 22 deletions
diff --git a/roles/uvok_bird/files/clear_filters.conf b/roles/uvok_bird/files/clear_filters.conf
index 416d0bd..bb01b4c 100644
--- a/roles/uvok_bird/files/clear_filters.conf
+++ b/roles/uvok_bird/files/clear_filters.conf
@@ -3,28 +3,59 @@
## IMPORT FILTERS
define BOGON_ASNS = [
- 0, # RFC 7607
- 23456, # RFC 4893 AS_TRANS
- 64496..64511, # RFC 5398 and documentation/example ASNs
- 64512..65534, # RFC 6996 Private ASNs
- 65535, # RFC 7300 Last 16 bit ASN
- 65536..65551, # RFC 5398 and documentation/example ASNs
- 65552..131071, # RFC IANA reserved ASNs
- 4200000000..4294967294, # RFC 6996 Private ASNs
- 4294967295 ]; # RFC 7300 Last 32 bit ASN
-
-define BOGON_PREFIXES = [ ::/0, # Default route
- ::/8+, # RFC 4291 IPv4-compatible, loopback, et al
- 0100::/64+, # RFC 6666 Discard-Only
- 2001:2::/48+, # RFC 5180 BMWG
- 2001:10::/28+, # RFC 4843 ORCHID
- 2001:db8::/32+, # RFC 3849 documentation
- 2002::/16+, # RFC 7526 6to4 anycast relay
- 3ffe::/16+, # RFC 3701 old 6bone
- fc00::/7+, # RFC 4193 unique local unicast
- fe80::/10+, # RFC 4291 link local unicast
- fec0::/10+, # RFC 3879 old site local unicast
- ff00::/8+ # RFC 4291 multicast
+ 0, # RFC 7607
+ 23456, # RFC 4893 AS_TRANS
+ 64496..64511, # RFC 5398 and documentation/example ASNs
+ 64512..65534, # RFC 6996 Private ASNs
+ 65535, # RFC 7300 Last 16 bit ASN
+ 65536..65551, # RFC 5398 and documentation/example ASNs
+ 65552..131071, # RFC IANA reserved ASNs
+ 4200000000..4294967294, # RFC 6996 Private ASNs
+ 4294967295 ]; # RFC 7300 Last 32 bit ASN
+
+# taken from https://github.com/quantum5/bird-filter/blob/master/filter_bgp.conf
+define BOGON_PREFIXES = [
+ ::/0, # Default
+ ::/96, # IPv4-compatible IPv6 address - deprecated by RFC4291
+ ::/128, # Unspecified address
+ ::1/128, # Local host loopback address
+ ::ffff:0.0.0.0/96+, # IPv4-mapped addresses
+ ::224.0.0.0/100+, # Compatible address (IPv4 format)
+ ::127.0.0.0/104+, # Compatible address (IPv4 format)
+ ::0.0.0.0/104+, # Compatible address (IPv4 format)
+ ::255.0.0.0/104+, # Compatible address (IPv4 format)
+ 0000::/8+, # Pool used for unspecified, loopback and embedded IPv4 addresses (RFC 4291?)
+ 0100::/8+, # RFC 6666 - reserved for Discard-Only Address Block
+ 0200::/7+, # OSI NSAP-mapped prefix set (RFC4548) - deprecated by RFC4048
+ 0400::/6+, # RFC 4291 - Reserved by IETF
+ 0800::/5+, # RFC 4291 - Reserved by IETF
+ 1000::/4+, # RFC 4291 - Reserved by IETF
+ 2001:2::/48+, # RFC 5180 BMWG -- https://bgpfilterguide.nlnog.net/guides/bogon_asns/
+ 2001:10::/28+, # RFC 4843 - Deprecated (previously ORCHID)
+ 2001:20::/28+, # RFC 7343 - ORCHIDv2
+ 2001:db8::/32+, # Reserved by IANA for special purposes and documentation (RFC 3849)
+ 2002::/16+, # RFC 7526 6to4 anycast relay -- https://bgpfilterguide.nlnog.net/guides/bogon_asns/
+ 2002:e000::/20+, # Invalid 6to4 packets (IPv4 multicast)
+ 2002:7f00::/24+, # Invalid 6to4 packets (IPv4 loopback)
+ 2002:0000::/24+, # Invalid 6to4 packets (IPv4 default)
+ 2002:ff00::/24+, # Invalid 6to4 packets
+ 2002:0a00::/24+, # Invalid 6to4 packets (IPv4 private 10.0.0.0/8 network)
+ 2002:ac10::/28+, # Invalid 6to4 packets (IPv4 private 172.16.0.0/12 network)
+ 2002:c0a8::/32+, # Invalid 6to4 packets (IPv4 private 192.168.0.0/16 network)
+ 3ffe::/16+, # Former 6bone, now decommissioned
+ 4000::/3+, # RFC 4291 - Reserved by IETF
+ 5f00::/8+, # RFC 5156 - used for the 6bone but was returned
+ 6000::/3+, # RFC 4291 - Reserved by IETF
+ 8000::/3+, # RFC 4291 - Reserved by IETF
+ a000::/3+, # RFC 4291 - Reserved by IETF
+ c000::/3+, # RFC 4291 - Reserved by IETF
+ e000::/4+, # RFC 4291 - Reserved by IETF
+ f000::/5+, # RFC 4291 - Reserved by IETF
+ f800::/6+, # RFC 4291 - Reserved by IETF
+ fc00::/7+, # Unicast Unique Local Addresses (ULA) - RFC 4193
+ fe80::/10+, # Link-local Unicast (RFC 4291)
+ fec0::/10+, # Site-local Unicast - deprecated by RFC 3879 (replaced by ULA)
+ ff00::/8+ # Multicast
];
# not supported (yet???)
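Review bot: The provenance comment above `BOGON_PREFIXES` links to the `master` branch of the upstream file, so nothing records which revision this copy matches; pinning it, e.g. `# taken from https://github.com/quantum5/bird-filter/blob/<UPSTREAM_COMMIT>/filter_bgp.conf (copied 2024-06-26)`, would let the list be diffed against upstream later. That matters more than it did for the old list, because the new IETF-reserved rows (`0400::/6+` through `f800::/6+`) reject nearly all space outside 2000::/3 and would have to be revisited if unicast space is ever assigned there. Two comments are also slightly off: `0100::/8+` is wider than the RFC 6666 discard-only block (0100::/64), and the nlnog links on `2001:2::/48+` and `2002::/16+` point at the bogon_asns guide although these are prefix entries. Several rows (`::/96`, `::/128`, `::1/128`, the `2002:…` rows, `5f00::/8+`) are already covered by `0000::/8+`, `2002::/16+` and `4000::/3+`; that is harmless, but a one-line comment saying so would stop a later edit from dropping a covering row on the assumption that the narrow ones suffice.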