authorHenning Brauer <henning@cvs.openbsd.org>2004-05-05 15:25:05 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2004-05-05 15:25:05 +0000
commit902102d4498538f5e0e4c2c00b36f0b2330def21 (patch)
treeec662588c358c36d2d7ac548d99a6840160ac7fa /etc/bgpd.conf
parentd208c9e26c6e38bb79ca7a900e73d624524c3638 (diff)
provide some filter examples; PR3764
Diffstat (limited to 'etc/bgpd.conf')
-rw-r--r--etc/bgpd.conf17
1 files changed, 16 insertions, 1 deletions
diff --git a/etc/bgpd.conf b/etc/bgpd.conf
index 7612420433a..9aa37b81467 100644
--- a/etc/bgpd.conf
+++ b/etc/bgpd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: bgpd.conf,v 1.3 2004/02/07 20:03:30 henning Exp $
+# $OpenBSD: bgpd.conf,v 1.4 2004/05/05 15:25:04 henning Exp $
# sample bgpd configuration file
# see bgpd.conf(5)
@@ -42,3 +42,18 @@ neighbor 10.0.1.0 {
tcp md5sig key deadbeef
}
+# filter out prefixes longer than 24 or shorter than 8 bits
+deny from any
+allow from any prefixlen 8 - 24
+
+# do not accept a default route
+deny from any prefix 0.0.0.0/0
+
+# filter bogus networks
+deny from any prefix 10.0.0.0/8 prefixlen >= 8
+deny from any prefix 172.16.0.0/12 prefixlen >= 12
+deny from any prefix 192.168.0.0/16 prefixlen >= 16
+deny from any prefix 169.254.0.0/16 prefixlen >= 16
+deny from any prefix 192.0.2.0/24 prefixlen >= 24
+deny from any prefix 224.0.0.0/4 prefixlen >= 4
+deny from any prefix 240.0.0.0/4 prefixlen >= 4
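Review bot: The bogus-network list at the end of this hunk omits 127.0.0.0/8 and 0.0.0.0/8, so an announcement of /8 to /24 length inside loopback or "this network" space would still be accepted by `allow from any prefixlen 8 - 24`. Consider adding `deny from any prefix 127.0.0.0/8 prefixlen >= 8` and `deny from any prefix 0.0.0.0/8 prefixlen >= 8`. The first comment should also state the evaluation order the example depends on, assuming the last matching rule decides as bgpd.conf(5) describes, for example `# last matching rule wins: deny everything, then allow /8 through /24`. Without it, a reader who assumes first-match will take `deny from any` to block every prefix and may reorder the rules. The default-route deny looks redundant with the prefixlen pair, since a /0 is shorter than 8 bits, and its comment could say it is kept for explicitness.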