forked from ansible_roles/dn42
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
66 lines
1.3 KiB
Plaintext
66 lines
1.3 KiB
Plaintext
5 years ago
|
protocol device {
|
||
|
scan time 10;
|
||
|
}
|
||
|
|
||
|
# local configuration
|
||
|
######################
|
||
|
|
||
|
include "/etc/bird/local6.conf";
|
||
|
|
||
|
# filter helpers
|
||
|
#################
|
||
|
|
||
|
##include "/etc/bird/filter6.conf";
|
||
|
|
||
|
# Kernel routing tables
|
||
|
########################
|
||
|
|
||
|
|
||
|
/*
|
||
|
krt_prefsrc defines the source address for outgoing connections.
|
||
|
On Linux, this causes the "src" attribute of a route to be set.
|
||
|
|
||
|
Without this option outgoing connections would use the peering IP which
|
||
|
would cause packet loss if some peering disconnects but the interface
|
||
|
is still available. (The route would still exist and thus route through
|
||
|
the TUN/TAP interface but the VPN daemon would simply drop the packet.)
|
||
|
*/
|
||
|
protocol kernel {
|
||
|
scan time 20;
|
||
|
import none;
|
||
|
export filter {
|
||
|
if source = RTS_STATIC then reject;
|
||
|
krt_prefsrc = OWNIP;
|
||
|
accept;
|
||
|
};
|
||
|
}
|
||
|
|
||
|
# static routes
|
||
|
################
|
||
|
|
||
|
protocol static {
|
||
|
route {{ dn42_local_subnet_v6 }} reject;
|
||
|
import all;
|
||
|
export none;
|
||
|
}
|
||
|
|
||
|
template bgp dnpeers {
|
||
|
local as OWNAS;
|
||
|
path metric 1;
|
||
|
import keep filtered;
|
||
|
import filter {
|
||
|
if is_valid_network() && !is_self_net() then {
|
||
|
accept;
|
||
|
}
|
||
|
reject;
|
||
|
};
|
||
|
export filter {
|
||
|
if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
|
||
|
accept;
|
||
|
}
|
||
|
reject;
|
||
|
};
|
||
|
import limit 1000 action block;
|
||
|
}
|
||
|
|
||
|
include "/etc/bird/peers6/*";
|