diff options
author | uvok cheetah | 2024-06-23 12:29:46 +0200 |
---|---|---|
committer | uvok cheetah | 2024-06-23 12:31:06 +0200 |
commit | 791a2314b1886d5d1497a8b82e72a6699cda56a3 (patch) | |
tree | 6b962c8c14af3c6b9d31925cf3597f1ac672ba66 /roles/uvok_bird/templates | |
parent | 933c1e71ee08e09a2554ca37050213a6b6ae26ad (diff) |
Add default blackhole route
RPKI
Diffstat (limited to 'roles/uvok_bird/templates')
-rw-r--r-- | roles/uvok_bird/templates/clearnet.conf.j2 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/roles/uvok_bird/templates/clearnet.conf.j2 b/roles/uvok_bird/templates/clearnet.conf.j2 index 95adec4..7abb0cd 100644 --- a/roles/uvok_bird/templates/clearnet.conf.j2 +++ b/roles/uvok_bird/templates/clearnet.conf.j2 @@ -25,6 +25,16 @@ protocol static myprefix { }; } +# blackhole everything else - activates RPKI filter! +protocol static default6 { + route ::/0 reject; + ipv6 { + table t_myas_trs; + import all; + export none; + }; +} + protocol direct { ipv6 { table t_myas_babel; }; interface "myas_int"; @@ -153,6 +163,10 @@ protocol kernel pk_myas_out { if (source = RTS_BGP) then { accept; } + # default route + if (source = RTS_STATIC) then { + accept; + } {% if uvok_bird_opts.use_fallback %} if (proto = "myas_def_fallb") then { accept; |