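--- a/birdconf.txt
+++ b/birdconf.txt
@@ -0,0 +1,150 @@
+#############################################
+# Variable header #
+################################################
+
+
+define OWNAS = 4242422322;
+define OWNIP = 172.22.181.193;
+define OWNIPv6 = fd42:4242:2322::1;
+define OWNNET = 172.22.181.192/27;
+define OWNNETv6 = fd42:4242:2322::/48;
+define OWNNETSET = [172.22.181.192/27+];
+define OWNNETSETv6 = [fd42:4242:2322::/48+];
+
+################################################
+# Header end #
+################################################
+
+router id OWNIP;
+
+protocol device {
+ scan time 10;
+}
+
+/*
+ * Utility functions
+ */
+
+function is_self_net() {
+ return net ~ OWNNETSET;
+}
+
+function is_self_net_v6() {
+ return net ~ OWNNETSETv6;
+}
+
+function is_valid_network() {
+ return net ~ [
+ 172.20.0.0/14{21,29}, # dn42
+ 172.20.0.0/24{28,32}, # dn42 Anycast
+ 172.21.0.0/24{28,32}, # dn42 Anycast
+ 172.22.0.0/24{28,32}, # dn42 Anycast
+ 172.23.0.0/24{28,32}, # dn42 Anycast
+ 172.31.0.0/16+, # ChaosVPN
+ 10.100.0.0/14+, # ChaosVPN
+ 10.0.0.0/8{15,24} # Freifunk.net
+ ];
+}
+
+roa4 table dn42_roa;
+roa6 table dn42_roa_v6;
+
+protocol static {
+ roa4 { table dn42_roa; };
+ include "/etc/bird/roa4.conf";
+};
+
+protocol static {
+ roa6 { table dn42_roa_v6; };
+ include "/etc/bird/roa6.conf";
+};
+
+function is_valid_network_v6() {
+ return net ~ [
+ fd00::/8{44,64} # ULA address space as per RFC 4193
+ ];
+}
+
+protocol kernel {
+ scan time 20;
+
+ ipv6 {
+ import none;
+ export filter {
+ if source = RTS_STATIC then reject;
+ krt_prefsrc = OWNIPv6;
+ accept;
+ };
+ };
+};
+
+protocol kernel {
+ scan time 20;
+
+ ipv4 {
+ import none;
+ export filter {
+ if source = RTS_STATIC then reject;
+ krt_prefsrc = OWNIP;
+ accept;
+ };
+ };
+}
+
+protocol static {
+ route OWNNET reject;
+
+ ipv4 {
+ import all;
+ export none;
+ };
+}
+
+protocol static {
+ route OWNNETv6 reject;
+
+ ipv6 {
+ import all;
+ export none;
+ };
+}
+
+template bgp dnpeers {
+ local as OWNAS;
+ path metric 1;
+
+ ipv4 {
+ import filter {
+ if is_valid_network() && !is_self_net() then {
+ if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
+ print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+ reject;
+ } else accept;
+ } else reject;
+ };
+
+ export filter { if is_valid_network() then accept; else reject; };
+ import limit 1000 action block;
+ };
+
+ ipv6 {
+ import filter {
+ if is_valid_network_v6() && !is_self_net_v6() then {
+ if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
+ print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+ reject;
+ } else accept;
+ } else reject;
+ };
+ export filter { if is_valid_network_v6() then accept; else reject; };
+ import limit 1000 action block;
+ };
+}
+
+
+include "/etc/bird/peers/*";
+
+log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+log stderr all;
+#log "/home/bird/bird.log" all;
+#log "/root/bird.log" all;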
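Review bot: The `print` on ROA failure in the dnpeers ipv4 import filter, and again in its ipv6 twin, writes a log line for every rejected announcement, and nothing in the template bounds how many rejected routes a peer may send, since `import limit 1000 action block` applies (as far as I recall) only to routes that pass the filter. With `log syslog { debug, trace, ... }` and `log stderr all` at the bottom both receiving everything, a single peer advertising many ROA-invalid prefixes can fill the log. I would add a pre-filter bound next to each import limit, `receive limit 1000 action block;`, and either drop the per-route print or keep it only while debugging a specific peer. The two commented-out `#log` lines at the end are dead config and can go.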