diff --git a/bird/bird.conf b/bird/bird.conf index fc3cdca..1101c07 100644 --- a/bird/bird.conf +++ b/bird/bird.conf @@ -1,5 +1,5 @@ include "/etc/bird/vars.conf"; -include "/etc/bird/first/*.conf"; +include "/etc/bird/whitelist/*.conf"; include "/etc/bird/function/*.conf"; include "/etc/bird/conf/*.conf"; @@ -7,47 +7,23 @@ protocol device { scan time 10; }; -protocol kernel { - scan time 20; - ipv6 { - import none; - export filter { - if source = RTS_STATIC then reject; - if !is_bogon_prefix() then { - krt_prefsrc = LOCAL_V6_kernel; - accept; - } - if is_dn42_prefix() then { - krt_prefsrc = DN42_V6_kernel; - accept; - } - reject; - }; - }; -}; - protocol kernel { scan time 20; ipv4 { import none; export filter { if source = RTS_STATIC then reject; - if !is_bogon_prefix() then { - krt_prefsrc = LOCAL_V4_kernel; - accept; - } if unet_is_valid_network_v4() then { krt_prefsrc = UNET_V4_kernel; accept; } - if is_dn42_prefix() then { - krt_prefsrc = DN42_V4_kernel; - accept; - } reject; }; }; }; include "/etc/bird/net/*.conf"; -include "/etc/bird/template/include.conf"; \ No newline at end of file +include "/etc/bird/template/*.conf"; +include "/etc/bird/peers/inet/*.conf"; +include "/etc/bird/peers/dn42/*.conf"; +include "/etc/bird/peers/unet/*.conf"; diff --git a/bird/conf/inet_ixp.conf b/bird/conf/inet_ixp.conf deleted file mode 100644 index e217ebf..0000000 --- a/bird/conf/inet_ixp.conf +++ /dev/null @@ -1,13 +0,0 @@ -protocol static route_int_export_ixp_v6 { - route 2406:840:e600::/44 reject; - ipv6 { - table inet6; - import filter { - bgp_large_community.add((LOCAL_ASN,3,0)); - bgp_large_community.add((LOCAL_ASN,1,0)); - bgp_large_community.add((LOCAL_ASN,200,1)); - accept; - }; - export none; - }; -} \ No newline at end of file diff --git a/bird/first/inet.conf b/bird/first/inet.conf deleted file mode 100644 index cbed4fd..0000000 --- a/bird/first/inet.conf +++ /dev/null 
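Review bot: The new `include "/etc/bird/peers/inet/*.conf";` at the end of bird/bird.conf is narrower than the `include "/etc/bird/peers/inet/*";` it replaces from the deleted template/include.conf. Any inet peer file without a `.conf` suffix would stop being loaded, and its session would disappear without a parse error. Either rename the existing peer files as part of the migration or keep the broader glob for that one directory. A comment above the first include would also help, for example `# whitelist/ is loaded first; it appears to provide the is_self_net_* functions used by function/ and template/`.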
@@ -1,26 +0,0 @@ -function is_self_net() { - return net ~ [ - 44.32.191.0/24+ - ]; -} - - -function is_self_net_v6() { - return net ~ [ - 2406:840:e600::/44+, - 2a0f:1cc5:10::/44+ - ]; -} - - -function dn42_is_self_net() { - return net ~ [ - 172.20.21.0/26+ - ]; -} - -function dn42_is_self_net_v6() { - return net ~ [ - fde8:936e:ee29::/48+ - ]; -} diff --git a/bird/function/unet.conf b/bird/function/unet.conf index 825095c..bb952c9 100644 --- a/bird/function/unet.conf +++ b/bird/function/unet.conf @@ -9,13 +9,13 @@ function unet_is_valid_network_v4() { function unet_is_valid_network_v4_allnet(){ if unet_is_valid_network_v4() then return true; - if is_self_net() then return true; - if dn42_is_self_net() then return true; + if is_self_net_inet4() then return true; + if is_self_net_dn42v4() then return true; return false; } function unet_is_voalid_net_v6(){ - if is_self_net_v6() then return true; - if dn42_is_self_net_v6() then return true; + if is_self_net_inet6() then return true; + if is_self_net_dn42v6() then return true; return false; } \ No newline at end of file diff --git a/bird/net/dn42.conf b/bird/net/dn42.conf index fcaa521..006b506 100644 --- a/bird/net/dn42.conf +++ b/bird/net/dn42.conf 
@@ -1,17 +1,35 @@ -protocol pipe dn42v4_sync { - table dn42v4; - peer table master4; - export filter { - if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; - accept; +protocol kernel kernel_dn42v4_105 { + scan time 20; + kernel table 105; + ipv4 { + table dn42v4; + import none; + export filter { + if source = RTS_STATIC then reject; + if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; + if is_dn42_prefix() then { + krt_prefsrc = DN42_V4_kernel; + accept; + } + reject; + }; }; -} +}; -protocol pipe dn42v6_sync { - table dn42v6; - peer table master6; - export filter { - if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; - accept; +protocol kernel kernel_dn42v6_105 { + scan time 20; + kernel table 105; + ipv4 { + table dn42v6; + import none; + export filter { + if source = RTS_STATIC then reject; + if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; + if is_dn42_prefix() then { + krt_prefsrc = DN42_V6_kernel; + accept; + } + reject; + }; }; -} \ No newline at end of file +}; \ No newline at end of file diff --git a/bird/net/inet.conf b/bird/net/inet.conf index 0f74054..a3a04e8 100644 --- a/bird/net/inet.conf +++ b/bird/net/inet.conf @@ -16,12 +16,21 @@ protocol kernel kernel_inet4_102 { }; }; -protocol pipe inet6_sync_to_master6 { - table inet6; - peer table master6; - export filter { - if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; - accept; + +protocol kernel kernel_inet6_102 { + scan time 20; + kernel table 102; + ipv6 { + table inet6; + import none; + export filter { + if source = RTS_STATIC then reject; + if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; + if !is_bogon_prefix() then { + krt_prefsrc = LOCAL_V6_kernel; + accept; + } + reject; + }; }; - import none; -} \ No newline at end of file +}; \ No newline at end of file diff --git a/bird/template/include.conf b/bird/template/include.conf deleted file mode 100644 index be13aab..0000000 --- a/bird/template/include.conf +++ /dev/null 
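Review bot: In bird/net/dn42.conf the new `kernel_dn42v6_105` protocol opens an `ipv4 {` channel while binding `table dn42v6;` and setting `krt_prefsrc = DN42_V6_kernel;`. The block looks copied from `kernel_dn42v4_105`, and BIRD is expected to reject a channel whose type does not match its table, so the DN42 IPv6 routes would never reach kernel table 105. Change the channel line to `ipv6 {`. The export filter would also benefit from a one-line comment stating what the `(DN42_ASN, 3,*)` community marks, since that rule now decides what is kept out of the kernel.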
@@ -1,9 +0,0 @@
-include "/etc/bird/template/inet.conf";
-include "/etc/bird/template/inet_ixp.conf";
-include "/etc/bird/peers/inet/*";
-
-include "/etc/bird/template/dn42.conf";
-include "/etc/bird/peers/dn42/*.conf";
-
-include "/etc/bird/template/unet.conf";
-include "/etc/bird/peers/unet/*.conf";
diff --git a/bird/template/inet_ixp.conf b/bird/template/inet_ixp.conf
index 29ebc23..394fde7 100644
--- a/bird/template/inet_ixp.conf
+++ b/bird/template/inet_ixp.conf
@@ -11,7 +11,7 @@ template bgp tpl_inet6_ixp {
 export filter {
 if !is_self_net_v6() then reject;
 if is_bogon_prefix() || (bgp_path.len > 100) then reject;
- if bgp_large_community !~ [(LOCAL_ASN, 200,1)] then reject;
+ if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then reject;
 bgp_large_community.empty;
 accept;
 };
diff --git a/bird/first/ipconfig.conf b/bird/whitelist/ipconfig.conf
similarity index 100%
rename from bird/first/ipconfig.conf
rename to bird/whitelist/ipconfig.conf
diff --git a/update.sh b/update.sh
index 81893cb..8584de7 100644
--- a/update.sh
+++ b/update.sh
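Review bot: The export filter of `tpl_inet6_ixp` in bird/template/inet_ixp.conf still calls `is_self_net_v6()`, but this commit deletes its definition in bird/first/inet.conf and renames the callers in function/unet.conf to `is_self_net_inet6()`. Unless the downloaded whitelist files still define the old name, which is not visible here, the configuration will fail to parse. The line should probably read `if !is_self_net_inet6() then reject;`. This check is what limits IXP announcements to the operator's own prefixes, so confirm the result with `bird -p` before rollout. The template body starts and ends outside the hunk.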
@@ -3,7 +3,35 @@ cd git clone https://git.nia.ink/brnet/bird_config.git -mv ./bird_config/bird/net/inet.conf /etc/bird/net/inet.conf +# 备份配置 +cp /etc/bird/ /etc/bird.bak -r + +# 重构主配置文件 +rm /etc/bird/bird.conf -f +mv ./bird_config/bird/bird.conf /etc/bird/bird.conf + +# 构建白名单配置目录 +mkdir -p /etc/bird/whitelist +mv /etc/bird/first/ipconfig.conf /etc/bird/whitelist/ipconfig.conf +wget https://noc.zhuantou.com.cn/api/network.php?s=inet4-bird-function -O /etc/bird/whitelist/inet4-bird-function.conf +wget https://noc.zhuantou.com.cn/api/network.php?s=inet6-bird-function -O /etc/bird/whitelist/inet6-bird-function.conf +wget https://noc.zhuantou.com.cn/api/network.php?s=dn42-bird-function -O /etc/bird/whitelist/dn42-bird-function.conf +rm /etc/bird/first -rf + +# 构建模板目录 +rm /etc/bird/template -rf +mv ./bird_config/bird/template /etc/bird/template -r + +# 构建网络配置目录 +rm /etc/bird/net -rf +mv ./bird_config/bird/net /etc/bird/net -r + +# 更新UNET配置函数 +rm /etc/bird/function/unet.conf -f +mv ./bird_config/bird/function/unet.conf /etc/bird/function/unet.conf + +# 删除ixp模板配置 +rm /etc/bird/conf/inet_ixp.conf -f chmod -R 755 /etc/bird
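Review bot: `mv ./bird_config/bird/template /etc/bird/template -r` and the matching `net` line pass `-r`, which mv does not accept. On a typical GNU userland both moves fail after the preceding `rm ... -rf` has already removed the live directory, and without `set -e` the script carries on. The three `wget` calls fail open in the same way: `-O` leaves a file in /etc/bird/whitelist/ even when the request fails or returns something unexpected, and those files appear to define which prefixes the routers treat as their own. Fetch into a staging directory, stop on the first error, and parse-check the assembled configuration before leaving it in place. The hunk's trailing context may continue past what is shown.

```shell
set -eu

stage=$(mktemp -d)

# Fetch into staging first; reject empty downloads before /etc/bird is touched.
for s in inet4 inet6 dn42; do
    wget "https://noc.zhuantou.com.cn/api/network.php?s=${s}-bird-function" \
        -O "$stage/${s}-bird-function.conf"
    test -s "$stage/${s}-bird-function.conf"
done

# … unchanged: backup, bird.conf replacement, whitelist/ipconfig.conf move …

rm -rf /etc/bird/template /etc/bird/net
mv ./bird_config/bird/template /etc/bird/template
mv ./bird_config/bird/net /etc/bird/net
mv "$stage"/*.conf /etc/bird/whitelist/

# … unchanged: function/unet.conf and conf/inet_ixp.conf steps …

# Parse-check the result; fall back to the backup if BIRD rejects it.
if ! bird -p -c /etc/bird/bird.conf; then
    rm -rf /etc/bird
    cp -r /etc/bird.bak /etc/bird
    exit 1
fi
```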