From faa000153f7fcd8dca0c2248624e71cec1b2de37 Mon Sep 17 00:00:00 2001
From: Simeon Keske <git@n0emis.eu>
Date: Sun, 24 May 2020 20:18:13 +0200
Subject: [PATCH] disable multiprotocol, when not ezplicilty enabled

---
 templates/bird2/bird.conf.j2 | 45 ++++++++++++++++++++++++++++++++++++
 templates/bird2/peer.conf.j2 |  4 ++--
 2 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/templates/bird2/bird.conf.j2 b/templates/bird2/bird.conf.j2
index cc4ee11..6869b07 100644
--- a/templates/bird2/bird.conf.j2
+++ b/templates/bird2/bird.conf.j2
@@ -151,5 +151,50 @@ template bgp dnpeers {
     };
 }
 
+template bgp dnpeers_v4 {
+    local as OWNAS;
+    path metric 1;
+
+    ipv4 {
+        import filter {
+          if is_valid_network() && !is_self_net() then {
+            {% if dn42_enable_roa %}
+            if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
+              print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+              reject;
+            } else accept;
+            {% else %}
+            accept;
+            {% endif %}
+          } else reject;
+        };
+
+        export filter { if is_valid_network() then accept; else reject; };
+        import limit 1000 action block;
+    };
+}
+
+template bgp dnpeers_v6 {
+    local as OWNAS;
+    path metric 1;
+
+    ipv6 {
+        import filter {
+          if is_valid_network_v6() && !is_self_net_v6() then {
+            {% if dn42_enable_roa %}
+            if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
+              print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+              reject;
+            } else accept;
+            {% else %}
+            accept;
+            {% endif %}
+          } else reject;
+        };
+        export filter { if is_valid_network_v6() then accept; else reject; };
+        import limit 1000 action block;
+    };
+}
+
 
 include "/etc/bird/peers/*";
\ No newline at end of file
diff --git a/templates/bird2/peer.conf.j2 b/templates/bird2/peer.conf.j2
index dc35226..cbbd9db 100644
--- a/templates/bird2/peer.conf.j2
+++ b/templates/bird2/peer.conf.j2
@@ -1,11 +1,11 @@
 {% if peer.v4 is defined and not peer.bgp4o6 is defined %}
-protocol bgp {{ peer.name }} from dnpeers {
+protocol bgp {{ peer.name }} from dnpeers{% if not peer.bgp4o6 is defined %}_v4{% endif %} {
   neighbor {{ peer.v4 }} as {{ peer.as }};
 };
 {% endif %}
 
 {% if peer.v6 is defined %}
-protocol bgp {{ peer.name }}_v6 from dnpeers {
+protocol bgp {{ peer.name }}_v6 from dnpeers{% if not peer.bgp4o6 is defined %}_v6{% endif %} {
   # if you use link-local ipv6 addresses for peering using the following
   neighbor {{ peer.v6 }}%{{ peer.if.name | default('dn42_' + peer.name) }} as {{ peer.as }};
 {% if peer.debug is defined %}