fix
This commit is contained in:
@@ -1,9 +1,6 @@
|
||||
function unet_is_valid_network_v4() {
|
||||
return net ~ [
|
||||
10.50.0.0/16+,
|
||||
10.88.0.0/16+,
|
||||
10.21.0.0/16+,
|
||||
10.188.0.0/16+
|
||||
10.0.0.0/8+
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
filter filter_inet4_bgp_import {
|
||||
if is_self_net_inet4() then reject;
|
||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||
bgp_large_community.empty;
|
||||
bgp_large_community.add((LOCAL_ASN,200,0));
|
||||
accept;
|
||||
}
|
||||
@@ -11,15 +10,13 @@ filter filter_inet4_bgp_export {
|
||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||
if source != RTS_STATIC then reject;
|
||||
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
||||
bgp_large_community.empty;
|
||||
accept;
|
||||
}
|
||||
|
||||
filter filter_inet6_bgp_import {
|
||||
if is_self_net_inet6() then reject;
|
||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||
bgp_large_community.empty;
|
||||
bgp_large_community.add((LOCAL_ASN,200,0));# 传输到Ebgp
|
||||
bgp_large_community.add((LOCAL_ASN,200,0));
|
||||
accept;
|
||||
}
|
||||
|
||||
@@ -28,7 +25,6 @@ filter filter_inet6_bgp_export {
|
||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||
if source != RTS_STATIC then reject;
|
||||
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
||||
bgp_large_community.empty;
|
||||
accept;
|
||||
}
|
||||
|
||||
|
||||
@@ -12,7 +12,6 @@ template bgp tpl_inet6_ixp {
|
||||
if !is_self_net_inet6() then reject;
|
||||
if is_bogon_prefix() || (bgp_path.len > 100) then reject;
|
||||
if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
|
||||
bgp_large_community.empty;
|
||||
accept;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -6,15 +6,13 @@ template bgp unet_bgp_up0 {
|
||||
import filter {
|
||||
if !unet_is_valid_network_v4_allnet() then reject;
|
||||
if unet_is_self_net() then reject;
|
||||
bgp_large_community.empty;
|
||||
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
|
||||
bgp_large_community.add((UNET_ASN,200,0));
|
||||
accept;
|
||||
};
|
||||
export filter {
|
||||
if !unet_is_valid_network_v4_allnet() then reject;
|
||||
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
||||
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
||||
bgp_large_community.empty;
|
||||
accept;
|
||||
};
|
||||
import limit 9000 action block;
|
||||
@@ -24,15 +22,13 @@ template bgp unet_bgp_up0 {
|
||||
import filter {
|
||||
if !unet_is_voalid_net_v6() then reject;
|
||||
if unet_is_self_net_v6() then reject;
|
||||
bgp_large_community.empty;
|
||||
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
|
||||
bgp_large_community.add((UNET_ASN,200,0));
|
||||
accept;
|
||||
};
|
||||
export filter {
|
||||
if !unet_is_voalid_net_v6() then reject;
|
||||
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
||||
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
||||
bgp_large_community.empty;
|
||||
accept;
|
||||
};
|
||||
import limit 9000 action block;
|
||||
@@ -47,15 +43,13 @@ template bgp unet_bgp_up1 {
|
||||
import filter {
|
||||
if !unet_is_valid_network_v4() then reject;
|
||||
if unet_is_self_net() then reject;
|
||||
bgp_large_community.empty;
|
||||
bgp_large_community.add((UNET_ASN,200,0));# 传输到Ebgp
|
||||
bgp_large_community.add((UNET_ASN,200,0));
|
||||
accept;
|
||||
};
|
||||
export filter {
|
||||
if !unet_is_valid_network_v4() then reject;
|
||||
if source !~ [RTS_STATIC, RTS_BGP] then reject;
|
||||
if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;
|
||||
bgp_large_community.empty;
|
||||
accept;
|
||||
};
|
||||
import limit 9000 action block;
|
||||
|
||||
33
update.sh
33
update.sh
@@ -3,45 +3,12 @@
|
||||
cd
|
||||
git clone https://git.nia.ink/brnet/bird_config.git
|
||||
|
||||
# 备份配置
|
||||
cp /etc/bird/ /etc/bird.bak -r
|
||||
|
||||
# 重构主配置文件
|
||||
rm /etc/bird/bird.conf -f
|
||||
mv ./bird_config/bird/bird.conf /etc/bird/bird.conf
|
||||
|
||||
# 构建白名单配置目录
|
||||
mkdir -p /etc/bird/whitelist
|
||||
mv /etc/bird/first/ipconfig.conf /etc/bird/whitelist/ipconfig.conf
|
||||
wget https://noc.zhuantou.com.cn/api/network.php?s=inet4-bird-function -O /etc/bird/whitelist/inet4-bird-function.conf
|
||||
wget https://noc.zhuantou.com.cn/api/network.php?s=inet6-bird-function -O /etc/bird/whitelist/inet6-bird-function.conf
|
||||
wget https://noc.zhuantou.com.cn/api/network.php?s=dn42-bird-function -O /etc/bird/whitelist/dn42-bird-function.conf
|
||||
rm /etc/bird/first -rf
|
||||
|
||||
# 构建模板目录
|
||||
rm /etc/bird/template -rf
|
||||
mv ./bird_config/bird/template /etc/bird/template
|
||||
|
||||
# 构建网络配置目录
|
||||
rm /etc/bird/net -rf
|
||||
mv ./bird_config/bird/net /etc/bird/net
|
||||
|
||||
# 更新UNET配置函数
|
||||
rm /etc/bird/function/unet.conf -f
|
||||
mv ./bird_config/bird/function/unet.conf /etc/bird/function/unet.conf
|
||||
|
||||
# 删除ixp模板配置
|
||||
rm /etc/bird/conf/inet_ixp.conf -f
|
||||
|
||||
|
||||
echo "
|
||||
105 dn42" >> /etc/iproute2/rt_tables
|
||||
|
||||
mv ./bird_config/ip-policy-rules /etc/init.d/ip-policy-rules
|
||||
chmod +x /etc/init.d/ip-policy-rules
|
||||
rc-update add ip-policy-rules default
|
||||
rc-service ip-policy-rules start
|
||||
|
||||
|
||||
chmod -R 755 /etc/bird
|
||||
|
||||
|
||||
Reference in New Issue
Block a user