From 37842ed60049d2cb89d804ef9a780ba0e813afd7 Mon Sep 17 00:00:00 2001 From: daxi20 Date: Mon, 3 Nov 2025 16:57:26 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=A4=96=E5=8F=91BGP?= =?UTF-8?q?=E6=A8=A1=E6=9D=BF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bird/net/inet.conf | 4 ++++ bird/net/unet.conf | 49 +++++++++++++++++++++++++++++++++++----------- update.sh | 7 +++++-- 3 files changed, 47 insertions(+), 13 deletions(-) diff --git a/bird/net/inet.conf b/bird/net/inet.conf index 733c9fa..d631211 100644 --- a/bird/net/inet.conf +++ b/bird/net/inet.conf @@ -6,6 +6,8 @@ template bgp tpl_bgp_up { import filter { if is_self_net() then reject; if is_bogon_prefix() || (bgp_path.len > 100) then reject; + bgp_large_community.empty; + bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp accept; }; export filter { @@ -22,6 +24,8 @@ template bgp tpl_bgp_up { import filter { if is_self_net_v6() then reject; if is_bogon_prefix() || (bgp_path.len > 100) then reject; + bgp_large_community.empty; + bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp accept; }; export filter { diff --git a/bird/net/unet.conf b/bird/net/unet.conf index 231883e..93ee29f 100644 --- a/bird/net/unet.conf +++ b/bird/net/unet.conf @@ -4,19 +4,37 @@ template bgp unet_bgp_up0 { ipv4 { table unet4; import filter { - if unet_is_valid_network_v4_allnet() && !unet_is_self_net() then accept; - reject; + if !unet_is_valid_network_v4_allnet() then reject; + if unet_is_self_net() then reject; + bgp_large_community.empty; + bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp + accept; + }; + export filter { + if !unet_is_valid_network_v4_allnet() then reject; + if source !~ [RTS_STATIC, RTS_BGP] then reject; + if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; + bgp_large_community.empty; + accept; }; - export filter { if unet_is_valid_network_v4_allnet() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 9000 action block; }; - ipv6 { - table unet6; + ipv4 { + table unet4; import filter { - if unet_is_voalid_net_v6() && !unet_is_self_net_v6() then accept; - reject; + if !unet_is_voalid_net_v6() then reject; + if unet_is_self_net_v6() then reject; + bgp_large_community.empty; + bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp + accept; + }; + export filter { + if !unet_is_voalid_net_v6() then reject; + if source !~ [RTS_STATIC, RTS_BGP] then reject; + if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; + bgp_large_community.empty; + accept; }; - export filter { if unet_is_voalid_net_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 9000 action block; }; } @@ -27,10 +45,19 @@ template bgp unet_bgp_up1 { ipv4 { table unet4; import filter { - if unet_is_valid_network_v4() && !unet_is_self_net() then accept; - reject; + if !unet_is_valid_network_v4() then reject; + if unet_is_self_net() then reject; + bgp_large_community.empty; + bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp + accept; + }; + export filter { + if !unet_is_valid_network_v4() then reject; + if source !~ [RTS_STATIC, RTS_BGP] then reject; + if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; + bgp_large_community.empty; + accept; }; - export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 9000 action block; }; } diff --git a/update.sh b/update.sh index 4c22b5a..bf211ea 100644 --- a/update.sh +++ b/update.sh @@ -1,7 +1,10 @@ #!/bin/bash -rm /etc/bird/function/unet.conf -curl https://git.nia.ink/brnet/bird_config/raw/branch/master/bird/function/unet.conf > /etc/bird/function/unet.conf +rm /etc/bird/net/unet.conf +curl https://git.nia.ink/brnet/bird_config/raw/branch/master/bird/net/unet.conf > /etc/bird/net/unet.conf + +rm /etc/bird/net/inet.conf +curl https://git.nia.ink/brnet/bird_config/raw/branch/master/bird/net/inet.conf > /etc/bird/net/inet.conf chmod -R 755 /etc/bird