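# Device status
# The device protocol contributes no routes itself; it watches the state of
# the network interfaces so the other protocols notice links going up or down.
protocol device {
    scan time 10; # recheck every 10 seconds
}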
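# Originates the local dn42 range as a static route.
# NOTE(review): dn42_local_subnet_v4 is substituted verbatim by the template
# engine. It is expected to be a single IPv4 prefix in CIDR notation; validate
# it where the role sets the variable (TODO confirm) so a malformed value
# cannot add unintended statements to the rendered configuration.
protocol static {
    # Static routes to announce your own range(s) in dn42
    # "reject" makes this an unreachable covering route: traffic for addresses
    # inside the range that have no more specific route is refused locally.
    route {{ dn42_local_subnet_v4 }} reject;
    import all;   # pass the static route into BIRD's routing table
    export none;  # nothing from the routing table flows back into this protocol
};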
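# local configuration
######################

# keeping router specific settings in a separate file,
# so this configuration can be reused on multiple routers in your network
# NOTE(review): OWNAS, OWNIP, is_valid_network() and is_self_net() are used
# below but are not defined in this file; presumably local4.conf provides
# them - confirm. Because the route filters depend on those definitions, the
# included file should be writable only by the account that manages BIRD.
include "/etc/bird/local4.conf";

# filter helpers
#################

# Disabled: the extra filter file is not loaded, so the only filtering in
# effect is what the BGP template and local4.conf define.
##include "/etc/bird/filter4.conf";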
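# Kernel routing tables
########################

/*
    krt_prefsrc defines the source address for outgoing connections.
    On Linux, this causes the "src" attribute of a route to be set.

    Without this option outgoing connections would use the peering IP which
    would cause packet loss if some peering disconnects but the interface
    is still available. (The route would still exist and thus route through
    the TUN/TAP interface but the VPN daemon would simply drop the packet.)
*/
# Synchronises BIRD's routing table into the kernel table (one direction only).
protocol kernel {
    scan time 20;   # rescan the kernel routing table every 20 seconds
    import none;    # never learn routes from the kernel table
    export filter {
        # The static route for the local range is announced to peers only;
        # it is not installed into the kernel.
        if source = RTS_STATIC then reject;
        # OWNIP is not defined in this file (presumably in local4.conf - confirm).
        krt_prefsrc = OWNIP;
        accept;
    };
};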
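# DN42
#######

# Shared settings for every dn42 BGP session. Peer definitions are expected
# to build on this template, so the filters below are the policy applied to
# each peer unless a peer definition overrides them.
template bgp dnpeers {
    local as OWNAS;
    # compare AS path lengths when selecting the best BGP route
    path metric 1;
    # this line allows debugging filter rules
    # filtered routes can be looked up in birdc using the "show route filtered" command
    # (rejected routes are kept in memory for that purpose)
    import keep filtered;
    import filter {
        # accept every subnet, except our own advertised subnet
        # filtering is important, because some guys try to advertise routes like 0.0.0.0
        # NOTE(review): this checks the prefix only. Nothing visible in this file
        # verifies that the announcing AS is the registered origin of the prefix;
        # if origin validation (ROA) is wanted it has to come from the helper
        # functions or an additional filter - confirm.
        if is_valid_network() && !is_self_net() then {
            accept;
        }
        reject;
    };
    export filter {
        # here we export the whole net: our own static route plus routes learned
        # from other BGP peers (i.e. this router offers transit), as long as the
        # prefix passes is_valid_network()
        if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
            accept;
        }
        reject;
    };
    # Cap on routes accepted from one peer; routes beyond the limit are
    # discarded, which bounds the effect of a peer flooding announcements.
    import limit 1000 action block;
    #source address OWNIP;
};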
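# Per-peer session definitions, one file per peer.
# NOTE(review): every file matching this glob becomes part of the running
# configuration, so the directory should be writable only by the account that
# manages BIRD. Presumably each file instantiates the dnpeers template - confirm.
include "/etc/bird/peers4/*";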