On Apr 30, 2017, at 8:47 AM, Krzysztof Puchała TriplmeMedia <kpuchala at triplemedia.org> wrote:

Hi, you once added an example of a blackhole configuration in BIRD on the mailing list:
http://bird.network.cz/pipermail/bird-users/2012-March/007671.html
I'm trying to implement this in my setup, and when I'm overloading the configuration I have an error:
bird> configure check
Reading configuration from /etc/bird/bird.conf
/etc/bird/bird.conf, line 49: syntax error

49 lines of code:
protocol kernel blackhole {

Maybe you have an idea why it does not work?
Thanks in advance for your answer.

Hi, I'm replying to the list for relevant benefit/discussion.

Wow, my example config is over 5 years old now... something probably changed in syntax requirements over the years, as this is what we currently have in place (note that a pipe isn't used, as we now leverage "ip rule" to separately include the blacklist table):

table blackholes;
...
protocol kernel kblackholes {
       table blackholes;
       kernel table 10;
       scan time 10;
       learn;
       import all;
       export all;
}
...
filter bgp_out_upstream {
       if (proto = "kblackholes" ) then
       {
         if net.len = 32 then {
           # Replace 64665,666 with your upstream's community designation...
           # if needed, otherwise delete this line
           bgp_community.add((64665,666));
           printn "Blackhole nulling ";
           print net;
           accept;
         }
       }
       # Replace this with your own netblocks, one netblock per entry
       if net ~ [192.168.0.0/16] then accept;
       reject;
}
...
protocol bgp upstream {
...
 export filter bgp_out_upstream;
...
}

HTH,
Gregg Berkholtz
Datacenter consulting, hosting & support since 1995
 www.tocici.com  |  503-488-5461  |  AS14613

Thank you for your answer, almost everything is working.

I have another question: my DDoS attack detection system has a BGP session with BIRD, and if it detects an attack it sends an IP address as a /32 prefix.
How can I have such a prefix added to the blackhole automatically?
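
Added example, not part of the original thread and not code from either poster: a vetting step that sits between a detector's output and kernel table 10, which the kblackholes protocol above learns from. It does not use the detector's BGP session; it assumes the flagged addresses arrive as text, and the function names, the cap and the sample input are constructed for illustration.

```python
import ipaddress

# Values taken from the config in the thread.
OWN_NETBLOCKS = [ipaddress.ip_network("192.168.0.0/16")]  # placeholder netblock in the filter
BLACKHOLE_TABLE = 10   # "kernel table 10" in protocol kblackholes
MAX_ACTIVE = 100       # constructed safety cap on simultaneous blackholes (assumption)


def vet_prefix(text):
    """Return an IPv4Network if text is a /32 inside our own netblocks, else None."""
    try:
        net = ipaddress.ip_network(text.strip(), strict=True)
    except ValueError:
        return None  # not a prefix, or host bits set
    if net.version != 4 or net.prefixlen != 32:
        return None  # same test as "net.len = 32" in bgp_out_upstream
    if not any(net.subnet_of(block) for block in OWN_NETBLOCKS):
        return None  # never blackhole address space we do not originate
    return net


def plan_blackholes(candidates, active=()):
    """Turn detector output into iproute2 commands plus a list of rejections."""
    seen = {ipaddress.ip_network(a) for a in active}
    commands, rejected = [], []
    for raw in candidates:
        net = vet_prefix(raw)
        if net is None:
            rejected.append((raw, "not a /32 inside own netblocks"))
        elif net in seen:
            continue  # already blackholed, nothing to do
        elif len(seen) >= MAX_ACTIVE:
            rejected.append((raw, "blackhole cap reached"))
        else:
            seen.add(net)
            commands.append(f"ip route add blackhole {net} table {BLACKHOLE_TABLE}")
    return commands, rejected


if __name__ == "__main__":
    # Constructed detector output: one valid target, a duplicate, and three bad entries.
    sample = ["192.168.7.9/32", "192.168.7.9", "192.168.0.0/16", "198.51.100.7/32", "bogus"]
    cmds, bad = plan_blackholes(sample)
    print("\n".join(cmds))
    for raw, why in bad:
        print(f"rejected {raw!r}: {why}")
```

The script only prints the commands. Running them as root places the routes in table 10, where kblackholes (which has `learn` set) can import them and bgp_out_upstream tags them with the blackhole community.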