On Wed, May 02, 2012 at 10:23:54AM +0200, Dan Luedtke wrote:
Hi everyone,
I am stuck with bird, could you please give me a hint?
The setup: My router peers with Team Cymru to get fullbogons via BGP. I want to blackhole these routes using a filter. My filter looks like this:
filter blackhole { gw = 2001:db8::1; accept; }
..
Any ideas how to accomplish blackholing? Other approaches maybe?
It is not directly possible in current version, but patch is already in GIT (see attachment). With that, you could use 'dest = RTD_UNREACHABLE;' (or RTD_PROHIBIT or RTD_BLACKHOLE) to change route destination type. Changing gw currently works only within one iface. BTW, what is 2001:db8::1? Some well known blackhole address or just any address unreachable on the router? Another idea is that if you use 'gateway recursive' BGP option (default for iBGP), you could use 'bgp_next_hop = some_unreachable_ip;' in BGP import filter to make the route unreachable. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."