From 791a2314b1886d5d1497a8b82e72a6699cda56a3 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 23 Jun 2024 12:29:46 +0200
Subject: Add default blackhole route RPKI
---
 roles/uvok_bird/templates/clearnet.conf.j2 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'roles/uvok_bird/templates/clearnet.conf.j2')
diff --git a/roles/uvok_bird/templates/clearnet.conf.j2 b/roles/uvok_bird/templates/clearnet.conf.j2
index 95adec4..7abb0cd 100644
--- a/roles/uvok_bird/templates/clearnet.conf.j2
+++ b/roles/uvok_bird/templates/clearnet.conf.j2
@@ -25,6 +25,16 @@ protocol static myprefix {
 };
 }
 
+# blackhole everything else - activates RPKI filter!
+protocol static default6 {
+ route ::/0 reject;
+ ipv6 {
+ table t_myas_trs;
+ import all;
+ export none;
+ };
+}
+
 protocol direct {
 ipv6 { table t_myas_babel; };
 interface "myas_int";
@@ -153,6 +163,10 @@ protocol kernel pk_myas_out {
 if (source = RTS_BGP) then {
 accept;
 }
+ # default route
+ if (source = RTS_STATIC) then {
+ accept;
+ }
 {% if uvok_bird_opts.use_fallback %}
 if (proto = "myas_def_fallb") then {
 accept;
-- 
cgit v1.2.3
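Review bot: The comment above `default6` says "blackhole", but the route is `route ::/0 reject;`, which in BIRD is the unreachable target (an ICMPv6 unreachable is returned), not a silent drop. If a silent drop is intended, write `route ::/0 blackhole;`; otherwise reword the comment to say "unreachable". The comment also does not explain why a default "activates" the RPKI filter. Presumably a prefix dropped by the filter would otherwise still be forwarded along a less specific route, and a line such as `# unreachable default in t_myas_trs: traffic to prefixes the RPKI filter dropped must not follow a less specific route` would record that for the next reader.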
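Review bot: The added `if (source = RTS_STATIC)` branch in the `pk_myas_out` export filter accepts every static route in the exported table, although its comment says only "default route". If another static protocol feeds that table (for example `myprefix`, named in the first hunk's header), its routes would now reach the kernel too; which table this protocol exports is not visible here. Matching by protocol name, as the fallback branch just below does, keeps the rule narrow: `if (proto = "default6") then {`. With `use_fallback` set, both this default and `myas_def_fallb` are accepted, so confirm that the fallback cannot carry traffic for prefixes the RPKI filter rejected. The filter body starts and ends outside the hunk.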