i

2025-11-03 16:48:18 +08:00
parent ef49aadf0c
commit 725c7f2275
2 changed files with 22 additions and 45 deletions
--- a/bird/net/dn42.conf
+++ b/bird/net/dn42.conf
@@ -7,7 +7,13 @@ template bgp dn42_bgp_up {
          if dn42_is_valid_network() && !dn42_is_self_net() then accept;
          reject;
        };
-        export filter { if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        export filter { 
            if !dn42_is_valid_network() then reject; 
            if source !~ [RTS_STATIC, RTS_BGP] then reject;
            if bgp_large_community !~ [(DN42_ASN, 200,0)] then reject;      
            bgp_large_community.empty;  
            accept;
        };
        import limit 9000 action block; 
    };
    ipv6 {
@@ -16,50 +22,15 @@ template bgp dn42_bgp_up {
          if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
          reject;
        };
-        export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        export filter { 
            if !dn42_is_valid_network_v6() then reject; 
            if source !~ [RTS_STATIC, RTS_BGP] then reject;
            if bgp_large_community !~ [(DN42_ASN, 200,0)] then reject;      
            bgp_large_community.empty;  
            accept;
        };
        import limit 9000 action block; 
    };
 }
 template bgp dn42_ibgp {
    graceful restart;
    local as DN42_ASN;
    med metric;
    direct;
    ipv4 {
        table dn42v4;
        next hop self;
        gateway direct;
        import filter { 
            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
            if !dn42_is_valid_network() then reject;
            if dn42_is_self_net() then reject;
            accept; 
        };
        export filter { 
            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
            if !dn42_is_valid_network() then reject;
            if dn42_is_self_net() then reject;
            accept;
            };
    };
    ipv6 {
        table dn42v6;
        next hop self;
        gateway direct;
        import filter { 
            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
            if !dn42_is_valid_network_v6() then reject;
            if dn42_is_self_net_v6() then reject;
            accept; 
        };
        export filter { 
            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
            if !dn42_is_valid_network_v6() then reject;
            if dn42_is_self_net_v6() then reject;
            accept;
            };
    };
 }
 include "/etc/bird/peers/dn42/*.conf";
--- a/bird/net/unet.conf
+++ b/bird/net/unet.conf
@@ -1,4 +1,4 @@
-template bgp unet_bgp_up2 {
+template bgp unet_bgp_up1 {
    graceful restart;
    local as UNET_ASN;
    ipv4 {
@@ -7,7 +7,13 @@ template bgp unet_bgp_up2 {
          if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
          reject;
        };
-        export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        export filter { 
            if !unet_is_valid_network_v4() then reject; 
            if source !~ [RTS_STATIC, RTS_BGP] then reject;
            if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;      
            bgp_large_community.empty;  
            accept;
        };
        import limit 9000 action block; 
    };
 }