authorhenning <henning@openbsd.org>2004-05-05 15:25:04 +0000
committerhenning <henning@openbsd.org>2004-05-05 15:25:04 +0000
commitf92d96190cc361c8e1bfb935e0e5605763c961a4 (patch)
treee7a942ea89ec0089e426bfcb7cb0a11b3831b411
parentregen (diff)
provide some filter examples; PR3764
-rw-r--r--etc/bgpd.conf17
1 files changed, 16 insertions, 1 deletions
diff --git a/etc/bgpd.conf b/etc/bgpd.conf
index 7612420433a..9aa37b81467 100644
--- a/etc/bgpd.conf
+++ b/etc/bgpd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: bgpd.conf,v 1.3 2004/02/07 20:03:30 henning Exp $
+# $OpenBSD: bgpd.conf,v 1.4 2004/05/05 15:25:04 henning Exp $
# sample bgpd configuration file
# see bgpd.conf(5)
@@ -42,3 +42,18 @@ neighbor 10.0.1.0 {
tcp md5sig key deadbeef
}
+# filter out prefixes longer than 24 or shorter than 8 bits
+deny from any
+allow from any prefixlen 8 - 24
+
+# do not accept a default route
+deny from any prefix 0.0.0.0/0
+
+# filter bogus networks
+deny from any prefix 10.0.0.0/8 prefixlen >= 8
+deny from any prefix 172.16.0.0/12 prefixlen >= 12
+deny from any prefix 192.168.0.0/16 prefixlen >= 16
+deny from any prefix 169.254.0.0/16 prefixlen >= 16
+deny from any prefix 192.0.2.0/24 prefixlen >= 24
+deny from any prefix 224.0.0.0/4 prefixlen >= 4
+deny from any prefix 240.0.0.0/4 prefixlen >= 4
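Review bot: The bogus-network list at the end of the added block leaves out 127.0.0.0/8 and 0.0.0.0/8, and because a /8 falls inside the `allow from any prefixlen 8 - 24` window, an announcement for either would be accepted from a peer. Adding `deny from any prefix 127.0.0.0/8 prefixlen >= 8` and `deny from any prefix 0.0.0.0/8 prefixlen >= 8` next to the RFC 1918 entries closes that gap. The block also depends on rule order: as far as I know bgpd lets the last matching rule decide, so the specific denies have to follow the broad allow. A comment such as `# the last matching rule wins; keep the deny rules below the allow` would keep someone from copying the rules in a different order. The separate default-route deny is already covered by the prefixlen rule, since a /0 is shorter than 8 bits, which is fine for an example but worth saying in its comment.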