forked from ansible_roles/dn42
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
66 lines
1.3 KiB
Django/Jinja
66 lines
1.3 KiB
Django/Jinja
protocol device {
|
|
scan time 10;
|
|
}
|
|
|
|
# local configuration
|
|
######################
|
|
|
|
include "/etc/bird/local6.conf";
|
|
|
|
# filter helpers
|
|
#################
|
|
|
|
##include "/etc/bird/filter6.conf";
|
|
|
|
# Kernel routing tables
|
|
########################
|
|
|
|
|
|
/*
|
|
krt_prefsrc defines the source address for outgoing connections.
|
|
On Linux, this causes the "src" attribute of a route to be set.
|
|
|
|
Without this option outgoing connections would use the peering IP which
|
|
would cause packet loss if some peering disconnects but the interface
|
|
is still available. (The route would still exist and thus route through
|
|
the TUN/TAP interface but the VPN daemon would simply drop the packet.)
|
|
*/
|
|
protocol kernel {
|
|
scan time 20;
|
|
import none;
|
|
export filter {
|
|
if source = RTS_STATIC then reject;
|
|
krt_prefsrc = OWNIP;
|
|
accept;
|
|
};
|
|
}
|
|
|
|
# static routes
|
|
################
|
|
|
|
protocol static {
|
|
route {{ dn42_local_subnet_v6 }} reject;
|
|
import all;
|
|
export none;
|
|
}
|
|
|
|
template bgp dnpeers {
|
|
local as OWNAS;
|
|
path metric 1;
|
|
import keep filtered;
|
|
import filter {
|
|
if is_valid_network() && !is_self_net() then {
|
|
accept;
|
|
}
|
|
reject;
|
|
};
|
|
export filter {
|
|
if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
|
|
accept;
|
|
}
|
|
reject;
|
|
};
|
|
import limit 1000 action block;
|
|
}
|
|
|
|
include "/etc/bird/peers6/*"; |