删除DN42相关配置
This commit is contained in:
@@ -12,10 +12,6 @@ protocol kernel {
|
||||
import none;
|
||||
export filter {
|
||||
if source = RTS_STATIC then reject;
|
||||
if dn42_is_valid_network_v6() then { # 检查DN42自有网段
|
||||
krt_prefsrc = DN42_V6_kernel;
|
||||
accept;
|
||||
}
|
||||
if !is_bogon_prefix() then {
|
||||
krt_prefsrc = LOCAL_V6_kernel;
|
||||
accept;
|
||||
@@ -31,10 +27,6 @@ protocol kernel {
|
||||
import none;
|
||||
export filter {
|
||||
if source = RTS_STATIC then reject;
|
||||
if dn42_is_valid_network() then { # 检查DN42自有网段
|
||||
krt_prefsrc = DN42_V4_kernel;
|
||||
accept;
|
||||
}
|
||||
if unet_is_valid_network_v4() then { # 检查UNET自有网段
|
||||
krt_prefsrc = UNET_V4_kernel;
|
||||
accept;
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
function dn42_is_self_net() {
|
||||
return net ~ [
|
||||
172.20.21.0/26+
|
||||
];
|
||||
}
|
||||
|
||||
protocol static route_dn42_export_v4 {
|
||||
route 172.20.21.0/26 reject;
|
||||
|
||||
ipv4 {
|
||||
table dn42v4;
|
||||
import filter {
|
||||
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
|
||||
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
|
||||
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
|
||||
accept;
|
||||
};
|
||||
export none;
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
function dn42_is_self_net_v6() {
|
||||
return net ~ [
|
||||
fde8:936e:ee29::/48+
|
||||
];
|
||||
}
|
||||
|
||||
protocol static route_dn42_export_v6 {
|
||||
route fde8:936e:ee29::/48 reject;
|
||||
ipv6 {
|
||||
table dn42v6;
|
||||
import filter {
|
||||
bgp_large_community.add((DN42_ASN,3,0));# 不允许导出到内核
|
||||
bgp_large_community.add((DN42_ASN,1,0));# 不允许传输到ibgp
|
||||
bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp
|
||||
accept;
|
||||
};
|
||||
export none;
|
||||
};
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
ipv4 table dn42v4;
|
||||
ipv6 table dn42v6;
|
||||
|
||||
function dn42_is_valid_network() {
|
||||
return net ~ [
|
||||
172.20.0.0/14+
|
||||
];
|
||||
}
|
||||
|
||||
function dn42_is_valid_network_v6() {
|
||||
return net ~ [
|
||||
fd00::/8+
|
||||
];
|
||||
}
|
||||
|
||||
protocol pipe dn42v4_sync {
|
||||
table dn42v4;
|
||||
peer table master4;
|
||||
export filter {
|
||||
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
|
||||
accept;
|
||||
};
|
||||
}
|
||||
protocol pipe dn42v6_sync {
|
||||
table dn42v6;
|
||||
peer table master6;
|
||||
export filter {
|
||||
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
|
||||
accept;
|
||||
};
|
||||
}
|
||||
@@ -12,7 +12,6 @@ function unet_is_valid_network_v4() {
|
||||
|
||||
function unet_is_valid_network_v4_anynet() {
|
||||
return net ~ [
|
||||
172.20.21.0/26+,
|
||||
44.32.191.0/24+
|
||||
];
|
||||
}
|
||||
@@ -26,8 +25,7 @@ function unet_is_valid_network_v4_allnet(){
|
||||
function unet_is_voalid_net_v6(){
|
||||
return net ~ [
|
||||
2406:840:e600::/44{44,64},
|
||||
2a0f:1cc5:0010::/44{44,64},
|
||||
fde8:936e:ee29::/48+
|
||||
2a0f:1cc5:0010::/44{44,64}
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
template bgp dn42_bgp_up {
|
||||
graceful restart;
|
||||
local as DN42_ASN;
|
||||
ipv4 {
|
||||
table dn42v4;
|
||||
import filter {
|
||||
if dn42_is_valid_network() && !dn42_is_self_net() then accept;
|
||||
reject;
|
||||
};
|
||||
export filter { if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
|
||||
import limit 9000 action block;
|
||||
};
|
||||
ipv6 {
|
||||
table dn42v6;
|
||||
import filter {
|
||||
if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
|
||||
reject;
|
||||
};
|
||||
export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
|
||||
import limit 9000 action block;
|
||||
};
|
||||
}
|
||||
|
||||
template bgp dn42_ibgp {
|
||||
graceful restart;
|
||||
local as DN42_ASN;
|
||||
med metric;
|
||||
direct;
|
||||
ipv4 {
|
||||
table dn42v4;
|
||||
next hop self;
|
||||
gateway direct;
|
||||
import filter {
|
||||
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
|
||||
if !dn42_is_valid_network() then reject;
|
||||
if dn42_is_self_net() then reject;
|
||||
accept;
|
||||
};
|
||||
export filter {
|
||||
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
|
||||
if !dn42_is_valid_network() then reject;
|
||||
if dn42_is_self_net() then reject;
|
||||
accept;
|
||||
};
|
||||
};
|
||||
ipv6 {
|
||||
table dn42v6;
|
||||
next hop self;
|
||||
gateway direct;
|
||||
import filter {
|
||||
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
|
||||
if !dn42_is_valid_network_v6() then reject;
|
||||
if dn42_is_self_net_v6() then reject;
|
||||
accept;
|
||||
};
|
||||
export filter {
|
||||
if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
|
||||
if !dn42_is_valid_network_v6() then reject;
|
||||
if dn42_is_self_net_v6() then reject;
|
||||
accept;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
include "/etc/bird/peers/dn42/*.conf";
|
||||
@@ -2,10 +2,6 @@ define LOCAL_ASN = 153376;
|
||||
define LOCAL_V4_kernel = 44.32.191.7;
|
||||
define LOCAL_V6_kernel = 2406:840:e603::1;
|
||||
|
||||
define DN42_ASN = 4242423376;
|
||||
define DN42_V4_kernel = 172.20.21.2;
|
||||
define DN42_V6_kernel = fde8:936e:ee29::1;
|
||||
|
||||
define UNET_ASN = 4218818801;
|
||||
define UNET_V4_kernel = 10.188.6.2;
|
||||
|
||||
|
||||
79
update.sh
79
update.sh
@@ -1,72 +1,31 @@
|
||||
#!/bin/bash
|
||||
|
||||
# 配置参数(请替换为实际URL)
|
||||
URL="https://git.nia.ink/brnet/bird_config/raw/branch/master/bird/function/unet.conf" # 替换为你的$url
|
||||
TARGET_FILE="/etc/bird/function/unet.conf"
|
||||
BACKUP_FILE="${TARGET_FILE}.bak.$(date +%Y%m%d%H%M%S)" # 带时间戳的备份文件
|
||||
LOG_FILE="/var/log/update_unet_conf.log"
|
||||
rm /etc/bird/conf/dn42.conf
|
||||
rm /etc/bird/function/dn42.conf
|
||||
rm /etc/bird/net/dn42.conf
|
||||
|
||||
# 日志函数
|
||||
log() {
|
||||
echo "[$(date +%Y%m%d%H%M%S)] $1" >> "$LOG_FILE"
|
||||
}
|
||||
rm /etc/bird/function/unet.conf
|
||||
curl https://git.nia.ink/brnet/bird_config/raw/branch/master/bird/function/unet.conf > /etc/bird/function/unet.conf
|
||||
|
||||
# 检查root权限
|
||||
if [ "$(id -u)" -ne 0 ]; then
|
||||
log "错误:必须使用root权限运行脚本(请用sudo)"
|
||||
echo "错误:必须使用root权限运行脚本(请用sudo)"
|
||||
exit 1
|
||||
fi
|
||||
rm /etc/bird/bird.conf
|
||||
curl https://git.nia.ink/brnet/bird_config/raw/branch/master/bird/bird.conf > /etc/bird/bird.conf
|
||||
|
||||
# 检查wget是否安装
|
||||
if ! command -v wget &> /dev/null; then
|
||||
log "错误:未安装wget,请先执行 'sudo apt install wget' 或 'sudo yum install wget' 安装"
|
||||
echo "错误:未安装wget,请先安装"
|
||||
exit 1
|
||||
fi
|
||||
temp_file=$(mktemp)
|
||||
awk '
|
||||
BEGIN { delete_dn42 = 0 }
|
||||
/^define DN42_ASN/ { delete_dn42 = 1 }
|
||||
delete_dn42 == 0 { print $0 }
|
||||
/^define UNET_ASN/ { delete_dn42 = 0; print $0 }
|
||||
' /etc/bird/vars.conf > "$temp_file"
|
||||
|
||||
# 检查目标文件目录是否存在
|
||||
if [ ! -d "$(dirname "$TARGET_FILE")" ]; then
|
||||
log "错误:目标目录 $(dirname "$TARGET_FILE") 不存在"
|
||||
echo "错误:目标目录不存在"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 备份原文件
|
||||
log "开始备份原文件到 $BACKUP_FILE"
|
||||
if cp "$TARGET_FILE" "$BACKUP_FILE"; then
|
||||
log "备份成功"
|
||||
if [ -s "$temp_file" ]; then
|
||||
mv "$temp_file" /etc/bird/vars.conf
|
||||
echo "已成功删除 /etc/bird/vars.conf 中的DN42配置部分"
|
||||
else
|
||||
log "错误:备份失败,终止操作"
|
||||
echo "错误:备份失败"
|
||||
exit 1
|
||||
echo "处理出错,临时文件为空,未修改原文件"
|
||||
rm "$temp_file"
|
||||
fi
|
||||
|
||||
# 下载并覆盖文件
|
||||
log "开始从 $URL 下载文件"
|
||||
if wget -q -O "$TARGET_FILE" "$URL"; then # -q 静默模式,-O 指定输出文件
|
||||
log "下载成功,已覆盖 $TARGET_FILE"
|
||||
else
|
||||
log "错误:下载失败,恢复原文件"
|
||||
echo "错误:下载失败,正在恢复原文件..."
|
||||
mv "$BACKUP_FILE" "$TARGET_FILE" # 恢复备份
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 验证文件内容(检查是否为空或乱码)
|
||||
if [ ! -s "$TARGET_FILE" ]; then # -s 检查文件非空
|
||||
log "错误:下载的文件为空,恢复原文件"
|
||||
echo "错误:文件为空,正在恢复原文件..."
|
||||
mv "$BACKUP_FILE" "$TARGET_FILE"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# (可选)重启bird服务并检查状态
|
||||
log "重载bird服务"
|
||||
birdc c
|
||||
log "脚本执行完毕"
|
||||
|
||||
cat $TARGET_FILE
|
||||
|
||||
cd
|
||||
rm update.sh
|
||||
Reference in New Issue
Block a user