Updated birdconf (markdown)

-Hosted by: [xuu](mailto:[email protected]), [nurtic-vibe](mailto:[email protected]), [toBee](mailto:[email protected]), [burble](mailto:[email protected]) | Accessible via: [dn42](http://wiki.dn42), [tor](http://jsptropkiix3ki5u.onion), [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/)

- * [Home](/Home)

- * [Getting Started](/howto/Getting-Started)

- * [Registry Authentication](/howto/Registry-Authentication)

- * [Address Space](/howto/Address-Space)

- * [FAQ](/FAQ)

-

-* How-To

- * [Wireguard](/howto/wireguard)

- * [Openvpn](/howto/openvpn)

- * [IPsec With Public Keys](/howto/IPsec-with-PublicKeys)

- * [Tinc](/howto/tinc)

- * [GRE on FreeBSD](/howto/GRE-on-FreeBSD)

- * [GRE on OpenBSD](/howto/GRE-on-OpenBSD)

- * [IPv6 Multicast (PIM-SM)](/howto/IPv6-Multicast)

- * [Bird](/howto/Bird) / [Bird2](/howto/Bird2)

- * [Quagga](/howto/Quagga)

- * [OpenBGPD](/howto/OpenBGPD)

- * [Mikrotik RouterOS](/howto/mikrotik)

- * [EdgeRouter](/howto/EdgeOS-Config)

- * [Static routes on Windows](/howto/Static-routes-on-Windows)

- * [Universal Network Requirements](/howto/networksettings)

- * [VyOS](/howto/vyos)

- * [NixOS](/howto/nixos)

-

-* Services

- * [IRC](/services/IRC)

- * [Whois registry](/services/Whois)

- * [DNS](/services/DNS)

- * [Public DNS](/services/Clearnet-Domains)

- * [Looking Glasses](/services/Looking-Glasses)

- * [Repository Mirrors](/services/Repository-Mirrors)

- * [Distributed Wiki](/services/Distributed-Wiki)

- * [Certificate Authority](/services/Certificate-Authority)

- * [Route Collector](/services/Route-Collector)

-

-* Internal

- * [Internal services](/internal/Internal-Services)

- * [Interconnections](/internal/Interconnections)

- * [APIs](/internal/APIs)

- * [Historical services](/internal/Historical-Services)

-

-* External Tools

- * [Paste Board](/https://paste.dn42.us)

- * [Git Repositories](/https://git.dn42.dev)

-

---------------

-

-#############################################

-# Variable header #

-################################################

-

-

-define OWNAS = 4242422322;

-define OWNIP = 172.22.181.193;

-define OWNIPv6 = fd42:4242:2322::1;

-define OWNNET = 172.22.181.192/27;

-define OWNNETv6 = fd42:4242:2322::/48;

-define OWNNETSET = [172.22.181.192/27+];

-define OWNNETSETv6 = [fd42:4242:2322::/48+];

-

-################################################

-# Header end #

-################################################

-

-router id OWNIP;

-

-protocol device {

- scan time 10;

-}

-

-/*

- * Utility functions

- */

-

-function is_self_net() {

- return net ~ OWNNETSET;

-}

-

-function is_self_net_v6() {

- return net ~ OWNNETSETv6;

-}

-

-function is_valid_network() {

- return net ~ [

- 172.20.0.0/14{21,29}, # dn42

- 172.20.0.0/24{28,32}, # dn42 Anycast

- 172.21.0.0/24{28,32}, # dn42 Anycast

- 172.22.0.0/24{28,32}, # dn42 Anycast

- 172.23.0.0/24{28,32}, # dn42 Anycast

- 172.31.0.0/16+, # ChaosVPN

- 10.100.0.0/14+, # ChaosVPN

- 10.0.0.0/8{15,24} # Freifunk.net

- ];

-}

-

-roa4 table dn42_roa;

-roa6 table dn42_roa_v6;

-

-protocol static {

- roa4 { table dn42_roa; };

- include "/etc/bird/roa4.conf";

-};

-

-protocol static {

- roa6 { table dn42_roa_v6; };

- include "/etc/bird/roa6.conf";

-};

-

-function is_valid_network_v6() {

- return net ~ [

- fd00::/8{44,64} # ULA address space as per RFC 4193

- ];

-}

-

-protocol kernel {

- scan time 20;

-

- ipv6 {

- import none;

- export filter {

- if source = RTS_STATIC then reject;

- krt_prefsrc = OWNIPv6;

- accept;

- };

- };

-};

-

-protocol kernel {

- scan time 20;

-

- ipv4 {

- import none;

- export filter {

- if source = RTS_STATIC then reject;

- krt_prefsrc = OWNIP;

- accept;

- };

- };

-}

-

-protocol static {

- route OWNNET reject;

-

- ipv4 {

- import all;

- export none;

- };

-}

-

-protocol static {

- route OWNNETv6 reject;

-

- ipv6 {

- import all;

- export none;

- };

-}

-

-template bgp dnpeers {

- local as OWNAS;

- path metric 1;

-

- ipv4 {

- import filter {

- if is_valid_network() && !is_self_net() then {

- if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {

- print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;

- reject;

- } else accept;

- } else reject;

- };

-

- export filter { if is_valid_network() then accept; else reject; };

- import limit 1000 action block;

- };

-

- ipv6 {

- import filter {

- if is_valid_network_v6() && !is_self_net_v6() then {

- if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {

- print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;

- reject;

- } else accept;

- } else reject;

- };

- export filter { if is_valid_network_v6() then accept; else reject; };

- import limit 1000 action block;

- };

-}

-

-

-include "/etc/bird/peers/*";

-

-log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };

-log stderr all;

-#log "/home/bird/bird.log" all;

-#log "/root/bird.log" all;