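--- a/birdconf.txt
+++ b/birdconf.txt
@@ -1,150 +0,0 @@
-#############################################
-# Variable header #
-################################################
-
-
-define OWNAS = 4242422322;
-define OWNIP = 172.22.181.193;
-define OWNIPv6 = fd42:4242:2322::1;
-define OWNNET = 172.22.181.192/27;
-define OWNNETv6 = fd42:4242:2322::/48;
-define OWNNETSET = [172.22.181.192/27+];
-define OWNNETSETv6 = [fd42:4242:2322::/48+];
-
-################################################
-# Header end #
-################################################
-
-router id OWNIP;
-
-protocol device {
- scan time 10;
-}
-
-/*
- * Utility functions
- */
-
-function is_self_net() {
- return net ~ OWNNETSET;
-}
-
-function is_self_net_v6() {
- return net ~ OWNNETSETv6;
-}
-
-function is_valid_network() {
- return net ~ [
- 172.20.0.0/14{21,29}, # dn42
- 172.20.0.0/24{28,32}, # dn42 Anycast
- 172.21.0.0/24{28,32}, # dn42 Anycast
- 172.22.0.0/24{28,32}, # dn42 Anycast
- 172.23.0.0/24{28,32}, # dn42 Anycast
- 172.31.0.0/16+, # ChaosVPN
- 10.100.0.0/14+, # ChaosVPN
- 10.0.0.0/8{15,24} # Freifunk.net
- ];
-}
-
-roa4 table dn42_roa;
-roa6 table dn42_roa_v6;
-
-protocol static {
- roa4 { table dn42_roa; };
- include "/etc/bird/roa4.conf";
-};
-
-protocol static {
- roa6 { table dn42_roa_v6; };
- include "/etc/bird/roa6.conf";
-};
-
-function is_valid_network_v6() {
- return net ~ [
- fd00::/8{44,64} # ULA address space as per RFC 4193
- ];
-}
-
-protocol kernel {
- scan time 20;
-
- ipv6 {
- import none;
- export filter {
- if source = RTS_STATIC then reject;
- krt_prefsrc = OWNIPv6;
- accept;
- };
- };
-};
-
-protocol kernel {
- scan time 20;
-
- ipv4 {
- import none;
- export filter {
- if source = RTS_STATIC then reject;
- krt_prefsrc = OWNIP;
- accept;
- };
- };
-}
-
-protocol static {
- route OWNNET reject;
-
- ipv4 {
- import all;
- export none;
- };
-}
-
-protocol static {
- route OWNNETv6 reject;
-
- ipv6 {
- import all;
- export none;
- };
-}
-
-template bgp dnpeers {
- local as OWNAS;
- path metric 1;
-
- ipv4 {
- import filter {
- if is_valid_network() && !is_self_net() then {
- if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
- print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
- reject;
- } else accept;
- } else reject;
- };
-
- export filter { if is_valid_network() then accept; else reject; };
- import limit 1000 action block;
- };
-
- ipv6 {
- import filter {
- if is_valid_network_v6() && !is_self_net_v6() then {
- if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then {
- print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
- reject;
- } else accept;
- } else reject;
- };
- export filter { if is_valid_network_v6() then accept; else reject; };
- import limit 1000 action block;
- };
-}
-
-
-include "/etc/bird/peers/*";
-
-log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-log stderr all;
-#log "/home/bird/bird.log" all;
-#log "/root/bird.log" all;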