mirror of
https://git.dn42.dev/wiki/wiki.git
synced 2025-02-24 18:35:54 +01:00
Updated birdconf (markdown)
parent
d58fe67733
commit
577c0ce55f
@ -1 +0,0 @@
|
|||||||
Hosted by: [xuu](mailto:xuu@sour.is), [nurtic-vibe](mailto:nurtic-vibe@grmml.net), [toBee](mailto:tom@xcv.vc), [burble](mailto:dn42@burble.com) | Accessible via: [dn42](http://wiki.dn42), [tor](http://jsptropkiix3ki5u.onion), [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/)
|
|
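--- a/_Sidebar.md
+++ b/_Sidebar.md
@@ -1,47 +0,0 @@
-* [Home](/Home)
-* [Getting Started](/howto/Getting-Started)
-* [Registry Authentication](/howto/Registry-Authentication)
-* [Address Space](/howto/Address-Space)
-* [FAQ](/FAQ)
-
-* How-To
-* [Wireguard](/howto/wireguard)
-* [Openvpn](/howto/openvpn)
-* [IPsec With Public Keys](/howto/IPsec-with-PublicKeys)
-* [Tinc](/howto/tinc)
-* [GRE on FreeBSD](/howto/GRE-on-FreeBSD)
-* [GRE on OpenBSD](/howto/GRE-on-OpenBSD)
-* [IPv6 Multicast (PIM-SM)](/howto/IPv6-Multicast)
-* [Bird](/howto/Bird) / [Bird2](/howto/Bird2)
-* [Quagga](/howto/Quagga)
-* [OpenBGPD](/howto/OpenBGPD)
-* [Mikrotik RouterOS](/howto/mikrotik)
-* [EdgeRouter](/howto/EdgeOS-Config)
-* [Static routes on Windows](/howto/Static-routes-on-Windows)
-* [Universal Network Requirements](/howto/networksettings)
-* [VyOS](/howto/vyos)
-* [NixOS](/howto/nixos)
-
-* Services
-* [IRC](/services/IRC)
-* [Whois registry](/services/Whois)
-* [DNS](/services/DNS)
-* [Public DNS](/services/Clearnet-Domains)
-* [Looking Glasses](/services/Looking-Glasses)
-* [Repository Mirrors](/services/Repository-Mirrors)
-* [Distributed Wiki](/services/Distributed-Wiki)
-* [Certificate Authority](/services/Certificate-Authority)
-* [Route Collector](/services/Route-Collector)
-
-* Internal
-* [Internal services](/internal/Internal-Services)
-* [Interconnections](/internal/Interconnections)
-* [APIs](/internal/APIs)
-* [Historical services](/internal/Historical-Services)
-
-* External Tools
-* [Paste Board](/https://paste.dn42.us)
-* [Git Repositories](/https://git.dn42.dev)
-
---------------
-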
@ -1,150 +0,0 @@
|
|||||||
#############################################
|
|
||||||
# Variable header #
|
|
||||||
################################################
|
|
||||||
|
|
||||||
|
|
||||||
define OWNAS = 4242422322;
|
|
||||||
define OWNIP = 172.22.181.193;
|
|
||||||
define OWNIPv6 = fd42:4242:2322::1;
|
|
||||||
define OWNNET = 172.22.181.192/27;
|
|
||||||
define OWNNETv6 = fd42:4242:2322::/48;
|
|
||||||
define OWNNETSET = [172.22.181.192/27+];
|
|
||||||
define OWNNETSETv6 = [fd42:4242:2322::/48+];
|
|
||||||
|
|
||||||
################################################
|
|
||||||
# Header end #
|
|
||||||
################################################
|
|
||||||
|
|
||||||
router id OWNIP;
|
|
||||||
|
|
||||||
protocol device {
|
|
||||||
scan time 10;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Utility functions
|
|
||||||
*/
|
|
||||||
|
|
||||||
function is_self_net() {
|
|
||||||
return net ~ OWNNETSET;
|
|
||||||
}
|
|
||||||
|
|
||||||
function is_self_net_v6() {
|
|
||||||
return net ~ OWNNETSETv6;
|
|
||||||
}
|
|
||||||
|
|
||||||
function is_valid_network() {
|
|
||||||
return net ~ [
|
|
||||||
172.20.0.0/14{21,29}, # dn42
|
|
||||||
172.20.0.0/24{28,32}, # dn42 Anycast
|
|
||||||
172.21.0.0/24{28,32}, # dn42 Anycast
|
|
||||||
172.22.0.0/24{28,32}, # dn42 Anycast
|
|
||||||
172.23.0.0/24{28,32}, # dn42 Anycast
|
|
||||||
172.31.0.0/16+, # ChaosVPN
|
|
||||||
10.100.0.0/14+, # ChaosVPN
|
|
||||||
10.0.0.0/8{15,24} # Freifunk.net
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
||||||
roa4 table dn42_roa;
|
|
||||||
roa6 table dn42_roa_v6;
|
|
||||||
|
|
||||||
protocol static {
|
|
||||||
roa4 { table dn42_roa; };
|
|
||||||
include "/etc/bird/roa4.conf";
|
|
||||||
};
|
|
||||||
|
|
||||||
protocol static {
|
|
||||||
roa6 { table dn42_roa_v6; };
|
|
||||||
include "/etc/bird/roa6.conf";
|
|
||||||
};
|
|
||||||
|
|
||||||
function is_valid_network_v6() {
|
|
||||||
return net ~ [
|
|
||||||
fd00::/8{44,64} # ULA address space as per RFC 4193
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
||||||
protocol kernel {
|
|
||||||
scan time 20;
|
|
||||||
|
|
||||||
ipv6 {
|
|
||||||
import none;
|
|
||||||
export filter {
|
|
||||||
if source = RTS_STATIC then reject;
|
|
||||||
krt_prefsrc = OWNIPv6;
|
|
||||||
accept;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
protocol kernel {
|
|
||||||
scan time 20;
|
|
||||||
|
|
||||||
ipv4 {
|
|
||||||
import none;
|
|
||||||
export filter {
|
|
||||||
if source = RTS_STATIC then reject;
|
|
||||||
krt_prefsrc = OWNIP;
|
|
||||||
accept;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
protocol static {
|
|
||||||
route OWNNET reject;
|
|
||||||
|
|
||||||
ipv4 {
|
|
||||||
import all;
|
|
||||||
export none;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
protocol static {
|
|
||||||
route OWNNETv6 reject;
|
|
||||||
|
|
||||||
ipv6 {
|
|
||||||
import all;
|
|
||||||
export none;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
template bgp dnpeers {
|
|
||||||
local as OWNAS;
|
|
||||||
path metric 1;
|
|
||||||
|
|
||||||
ipv4 {
|
|
||||||
import filter {
|
|
||||||
if is_valid_network() && !is_self_net() then {
|
|
||||||
if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
|
|
||||||
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
|
|
||||||
reject;
|
|
||||||
} else accept;
|
|
||||||
} else reject;
|
|
||||||
};
|
|
||||||
|
|
||||||
export filter { if is_valid_network() then accept; else reject; };
|
|
||||||
import limit 1000 action block;
|
|
||||||
};
|
|
||||||
|
|
||||||
ipv6 {
|
|
||||||
import filter {
|
|
||||||
if is_valid_network_v6() && !is_self_net_v6() then {
|
|
||||||
if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
|
|
||||||
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
|
|
||||||
reject;
|
|
||||||
} else accept;
|
|
||||||
} else reject;
|
|
||||||
};
|
|
||||||
export filter { if is_valid_network_v6() then accept; else reject; };
|
|
||||||
import limit 1000 action block;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
include "/etc/bird/peers/*";
|
|
||||||
|
|
||||||
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
|
|
||||||
log stderr all;
|
|
||||||
#log "/home/bird/bird.log" all;
|
|
||||||
#log "/root/bird.log" all;
|
|