Automatic Bogon Firewalling Using uRPF and Team Cymru

From Baranoski.ca
Revision as of 09:27, 8 November 2013 by Casey (talk | contribs) (Created page with "interface FastEthernet0 description EXTERNAL ip verify unicast reverse-path 100 ! router bgp 65504 bgp log-neighbor-changes neighbor CYMRU peer-group neighbor CYMRU remot...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

interface FastEthernet0 

description EXTERNAL
ip verify unicast reverse-path 100

! router bgp 65504 

bgp log-neighbor-changes
neighbor CYMRU peer-group
neighbor CYMRU remote-as 65000
neighbor CYMRU description CYMRU BOGONS LIST
neighbor CYMRU ebgp-multihop 255
neighbor CYMRU password 7 1234567890
neighbor CYMRU update-source Loopback6
neighbor 2000:B00:B00:10::2 peer-group CYMRU
neighbor 2000:C00:C00:10::2 peer-group CYMRU
!
address-family ipv4
 neighbor CYMRU soft-reconfiguration inbound
 neighbor CYMRU prefix-list CYMRU-OUT out
 neighbor CYMRU route-map CYMRU-BOGONS in
 neighbor 2000:B00:B00:10::2 activate
 neighbor 2000:C00:C00:10::2 activate
 no auto-summary
 no synchronization
exit-address-family

! ip route 192.0.2.1 255.255.255.255 Null0 name NULL_ROUTE_FOR_CYMRU_BOGONS ! ip bgp-community new-format ip community-list expanded CYMRU-BOGONS permit 65000:888 ! ip prefix-list CYMRU-OUT seq 10 deny 0.0.0.0/0 le 32 ! ip prefix-list CYMRU_NAT-T_FIX seq 10 permit 192.168.0.0/16 ! access-list 100 remark ---- ACL FOR URPF ---- access-list 100 permit udp any eq bootps any eq bootpc access-list 100 deny ip any any ! route-map CYMRU-BOGONS deny 5 

description TO FIX NAT-T
match ip address prefix-list CYMRU_NAT-T_FIX
match community CYMRU-BOGONS

! route-map CYMRU-BOGONS permit 10 

description BOGONS LIST FOR URPF FILTERING
match community CYMRU-BOGONS
set ip next-hop 192.0.2.1
Retrieved from "https://baranoski.ca/index.php?title=Automatic_Bogon_Firewalling_Using_uRPF_and_Team_Cymru&oldid=97"