9pfs/dn42-ansible
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

prepare for anycast

Browse source
This commit is contained in:
9pfs 2024-11-28 18:32:27 -08:00
parent 1588a116a7
commit f9562a3b93
Signed by: 9pfs
SSH key fingerprint: SHA256:yVO09iotyiNaBzBBvVR8ZTx7SB9VpvJPgR1Ihy1bz3Q
1 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
bird-conf.j2
View file

@ -43,6 +43,12 @@ function is_self_net_v6() {
return net ~ OWNNETSETv6;
}
function is_my_anycast_v6() {
return net ~ [
fd42:d42:d42:81::/64
];
}
{% if unicastv4 is defined %}
function is_valid_network() {
return net ~ [
@ -57,6 +63,12 @@ function is_valid_network() {
10.0.0.0/8{15,24} # Freifunk.net
];
}
function is_my_anycast_v4() {
return net ~ [
172.20.0.81/32+
];
}
{% endif %}
{% if unicastv4 is defined %}
@ -143,7 +155,7 @@ template bgp dnpeers {
} else reject;
};
export filter { if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
export filter { if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else if is_my_anycast_v4() && source ~ [RTS_BABEL] then accept; else reject; };
import limit 9000 action block;
import table;
};
@ -159,7 +171,7 @@ template bgp dnpeers {
} else accept;
} else reject;
};
export filter { if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
export filter { if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else if is_my_anycast_v6() && source ~ [RTS_BABEL] then accept; else reject; };
import limit 9000 action block;
import table;
};