fix
This commit is contained in:
@@ -1,9 +1,6 @@
|
|||||||
function unet_is_valid_network_v4() {
|
function unet_is_valid_network_v4() {
|
||||||
return net ~ [
|
return net ~ [
|
||||||
10.50.0.0/16+,
|
10.0.0.0/8+
|
||||||
10.88.0.0/16+,
|
|
||||||
10.21.0.0/16+,
|
|
||||||
10.188.0.0/16+
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
filter filter_inet4_bgp_import {
|
filter filter_inet4_bgp_import {
|
||||||
if is_self_net_inet4() then reject;
|
if is_self_net_inet4() then reject;
|
||||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||||
bgp_large_community.empty;
|
|
||||||
bgp_large_community.add((LOCAL_ASN,200,0));
|
bgp_large_community.add((LOCAL_ASN,200,0));
|
||||||
accept;
|
accept;
|
||||||
}
|
}
|
||||||
@@ -11,15 +10,13 @@ filter filter_inet4_bgp_export {
|
|||||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||||
if source != RTS_STATIC then reject;
|
if source != RTS_STATIC then reject;
|
||||||
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
||||||
bgp_large_community.empty;
|
|
||||||
accept;
|
accept;
|
||||||
}
|
}
|
||||||
|
|
||||||
filter filter_inet6_bgp_import {
|
filter filter_inet6_bgp_import {
|
||||||
if is_self_net_inet6() then reject;
|
if is_self_net_inet6() then reject;
|
||||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||||
bgp_large_community.empty;
|
bgp_large_community.add((LOCAL_ASN,200,0));
|
||||||
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
|
|
||||||
accept;
|
accept;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -28,7 +25,6 @@ filter filter_inet6_bgp_export {
|
|||||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||||
if source != RTS_STATIC then reject;
|
if source != RTS_STATIC then reject;
|
||||||
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
||||||
bgp_large_community.empty;
|
|
||||||
accept;
|
accept;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,6 @@ template bgp tpl_inet6_ixp {
|
|||||||
if !is_self_net_inet6() then reject;
|
if !is_self_net_inet6() then reject;
|
||||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||||
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
||||||
bgp_large_community.empty;
|
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -6,15 +6,13 @@ template bgp unet_bgp_up0 {
|
|||||||
import filter {
|
import filter {
|
||||||
if !unet_is_valid_network_v4_allnet() then reject;
|
if !unet_is_valid_network_v4_allnet() then reject;
|
||||||
if unet_is_self_net() then reject;
|
if unet_is_self_net() then reject;
|
||||||
bgp_large_community.empty;
|
bgp_large_community.add((UNET_ASN,200,0));
|
||||||
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
|
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
export filter {
|
export filter {
|
||||||
if !unet_is_valid_network_v4_allnet() then reject;
|
if !unet_is_valid_network_v4_allnet() then reject;
|
||||||
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
||||||
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
||||||
bgp_large_community.empty;
|
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
import limit 9000 action block;
|
import limit 9000 action block;
|
||||||
@@ -24,15 +22,13 @@ template bgp unet_bgp_up0 {
|
|||||||
import filter {
|
import filter {
|
||||||
if !unet_is_voalid_net_v6() then reject;
|
if !unet_is_voalid_net_v6() then reject;
|
||||||
if unet_is_self_net_v6() then reject;
|
if unet_is_self_net_v6() then reject;
|
||||||
bgp_large_community.empty;
|
bgp_large_community.add((UNET_ASN,200,0));
|
||||||
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
|
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
export filter {
|
export filter {
|
||||||
if !unet_is_voalid_net_v6() then reject;
|
if !unet_is_voalid_net_v6() then reject;
|
||||||
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
||||||
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
||||||
bgp_large_community.empty;
|
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
import limit 9000 action block;
|
import limit 9000 action block;
|
||||||
@@ -47,15 +43,13 @@ template bgp unet_bgp_up1 {
|
|||||||
import filter {
|
import filter {
|
||||||
if !unet_is_valid_network_v4() then reject;
|
if !unet_is_valid_network_v4() then reject;
|
||||||
if unet_is_self_net() then reject;
|
if unet_is_self_net() then reject;
|
||||||
bgp_large_community.empty;
|
bgp_large_community.add((UNET_ASN,200,0));
|
||||||
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
|
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
export filter {
|
export filter {
|
||||||
if !unet_is_valid_network_v4() then reject;
|
if !unet_is_valid_network_v4() then reject;
|
||||||
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
||||||
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
||||||
bgp_large_community.empty;
|
|
||||||
accept;
|
accept;
|
||||||
};
|
};
|
||||||
import limit 9000 action block;
|
import limit 9000 action block;
|
||||||
|
|||||||
33
update.sh
33
update.sh
@@ -3,45 +3,12 @@
|
|||||||
cd
|
cd
|
||||||
git clone https://git.nia.ink/brnet/bird_config.git
|
git clone https://git.nia.ink/brnet/bird_config.git
|
||||||
|
|
||||||
# 备份配置
|
|
||||||
cp /etc/bird/ /etc/bird.bak -r
|
|
||||||
|
|
||||||
# 重构主配置文件
|
|
||||||
rm /etc/bird/bird.conf -f
|
|
||||||
mv ./bird_config/bird/bird.conf /etc/bird/bird.conf
|
|
||||||
|
|
||||||
# 构建白名单配置目录
|
|
||||||
mkdir -p /etc/bird/whitelist
|
|
||||||
mv /etc/bird/first/ipconfig.conf /etc/bird/whitelist/ipconfig.conf
|
|
||||||
wget https://noc.zhuantou.com.cn/api/network.php?s=inet4-bird-function -O /etc/bird/whitelist/inet4-bird-function.conf
|
|
||||||
wget https://noc.zhuantou.com.cn/api/network.php?s=inet6-bird-function -O /etc/bird/whitelist/inet6-bird-function.conf
|
|
||||||
wget https://noc.zhuantou.com.cn/api/network.php?s=dn42-bird-function -O /etc/bird/whitelist/dn42-bird-function.conf
|
|
||||||
rm /etc/bird/first -rf
|
|
||||||
|
|
||||||
# 构建模板目录
|
|
||||||
rm /etc/bird/template -rf
|
rm /etc/bird/template -rf
|
||||||
mv ./bird_config/bird/template /etc/bird/template
|
mv ./bird_config/bird/template /etc/bird/template
|
||||||
|
|
||||||
# 构建网络配置目录
|
|
||||||
rm /etc/bird/net -rf
|
|
||||||
mv ./bird_config/bird/net /etc/bird/net
|
|
||||||
|
|
||||||
# 更新UNET配置函数
|
|
||||||
rm /etc/bird/function/unet.conf -f
|
rm /etc/bird/function/unet.conf -f
|
||||||
mv ./bird_config/bird/function/unet.conf /etc/bird/function/unet.conf
|
mv ./bird_config/bird/function/unet.conf /etc/bird/function/unet.conf
|
||||||
|
|
||||||
# 删除ixp模板配置
|
|
||||||
rm /etc/bird/conf/inet_ixp.conf -f
|
|
||||||
|
|
||||||
|
|
||||||
echo "
|
|
||||||
105 dn42" >> /etc/iproute2/rt_tables
|
|
||||||
|
|
||||||
mv ./bird_config/ip-policy-rules /etc/init.d/ip-policy-rules
|
|
||||||
chmod +x /etc/init.d/ip-policy-rules
|
|
||||||
rc-update add ip-policy-rules default
|
|
||||||
rc-service ip-policy-rules start
|
|
||||||
|
|
||||||
|
|
||||||
chmod -R 755 /etc/bird
|
chmod -R 755 /etc/bird
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user