On Apr 30, 2017, at 8:47 AM, Krzysztof Puchała TriplmeMedia <kpuchala at triplemedia.org> wrote:
Hi,

You once posted an example of a blackhole configuration for BIRD on the mailing list: http://bird.network.cz/pipermail/bird-users/2012-March/007671.html

I'm trying to implement this in my setup, and when I load the configuration I get an error:

bird> configure check
Reading configuration from /etc/bird/bird.conf
/etc/bird/bird.conf, line 49: syntax error

Line 49 is:

protocol kernel blackhole {

Maybe you have an idea why it does not work? Thanks in advance for your answer.

Hi, I'm replying to the list for relevant benefit/discussion.
Wow, my example config is over 5 years old now... something probably changed in syntax requirements over the years, so this is what we currently have in place (note that a pipe isn't used, as we now leverage "ip rule" to separately include the blacklist table):

table blackholes;

...

protocol kernel kblackholes {
    table blackholes;
    kernel table 10;
    scan time 10;
    learn;
    import all;
    export all;
}

...

filter bgp_out_upstream {
    if (proto = "kblackholes") then {
        if net.len = 32 then {
            # Replace 64665,666 with your upstream's community designation, if needed; otherwise delete this line
            bgp_community.add((64665,666));
            printn "Blackhole nulling ";
            print net;
            accept;
        }
    }
    # Replace this with your own netblocks, one netblock per entry
    if net ~ [192.168.0.0/16] then accept;
    reject;
}

...

protocol bgp upstream {
    ...
    export filter bgp_out_upstream;
    ...
}
HTH,

Gregg Berkholtz
Datacenter consulting, hosting & support since 1995
www.tocici.com [1] | 503-488-5461 | AS14613
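An added example, not Gregg's config and not part of the thread, covering the kernel-table side of the setup above: the kblackholes protocol learns whatever blackhole routes sit in kernel table 10, so whatever feeds that table decides which /32s leave with the blackhole community. This Python helper checks candidate prefixes before turning them into `ip route` commands for table 10: only IPv4 host routes inside your own netblocks are accepted, so a misfiring feed cannot make you announce space you do not hold. Assumptions: table 10 and 192.168.0.0/16 are taken from the config above (the netblock is the thread's placeholder and stands in for your own announced space), the candidate list is constructed, and commands are only printed unless dry_run is switched off.

```python
import ipaddress
import subprocess

# Kernel routing table that the kblackholes protocol in the thread learns from
# ("kernel table 10" in the config above).
KERNEL_TABLE = 10

# Netblocks inside which a blackhole may be installed. 192.168.0.0/16 is the
# thread's placeholder; replace it with the space you actually announce.
OWN_NETBLOCKS = [ipaddress.ip_network("192.168.0.0/16")]


def validate_blackhole(candidate, own_netblocks=OWN_NETBLOCKS):
    """Return the /32 network if candidate is an acceptable blackhole target,
    otherwise None.

    Rejects malformed input, anything that is not a single IPv4 host route
    (the filter above only tags net.len = 32), and any address outside the
    operator's own netblocks.
    """
    try:
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError:
        return None
    if net.version != 4 or net.prefixlen != 32:
        return None
    if not any(net.subnet_of(block) for block in own_netblocks):
        return None
    return net


def blackhole_commands(candidates, own_netblocks=OWN_NETBLOCKS, table=KERNEL_TABLE):
    """Build the `ip route` commands that install accepted candidates as
    blackhole routes in the kernel table BIRD scans.

    Returns (commands, skipped): skipped holds the rejected inputs so they
    can be logged rather than silently dropped.
    """
    commands, skipped = [], []
    for cand in candidates:
        net = validate_blackhole(cand, own_netblocks)
        if net is None:
            skipped.append(cand)
            continue
        commands.append(
            ["ip", "route", "replace", "blackhole", str(net), "table", str(table)]
        )
    return commands, skipped


def apply(commands, dry_run=True):
    """Print the commands, or execute them when dry_run is False (needs root)."""
    for cmd in commands:
        if dry_run:
            print(" ".join(cmd))
        else:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    # Constructed sample of what a detection feed might hand over: one valid
    # host route, a /24, a host outside our space, an IPv6 host, and garbage.
    sample = [
        "192.168.10.5/32",
        "192.168.10.0/24",
        "10.0.0.1/32",
        "2001:db8::1/128",
        "not-an-ip",
    ]
    cmds, skipped = blackhole_commands(sample)
    apply(cmds)
    for item in skipped:
        print("skipped:", item)
```

Once a route is in table 10, the `scan time 10` / `learn` settings above mean BIRD picks it up on the next scan without a reconfigure; removing the kernel route withdraws the announcement the same way.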
Thank you for your answer, almost everything is working. I have another question: my DDoS attack detection system has a BGP session with BIRD, and if it detects an attack it sends an IP address as a /32 prefix. How can I make such a prefix be added to the blackhole automatically?

Links:
------
[1] http://www.tocici.com