Automatic Bogon Firewalling Using uRPF and Team Cymru

From Baranoski.ca
Revision as of 09:39, 8 November 2013 by Casey (talk | contribs)
! Inbound policy for the bogon feed: routes carrying the bogon community are
! accepted and re-pointed at a next hop that is statically routed to Null0.
!
! Show and accept communities in AA:NN notation, the form used in the list below.
ip bgp-community new-format
! NOTE(review): an expanded community-list is a regular expression, and this
! pattern is unanchored, so it also matches any community string that merely
! contains "65000:888". A standard community-list or an anchored pattern
! matches the tag exactly.
ip community-list expanded CYMRU-BOGONS permit 65000:888

! Host route for the sink next hop. 192.0.2.1 lies in the documentation range
! 192.0.2.0/24, so it should never be a real destination. Traffic resolved via
! this next hop is discarded.
ip route 192.0.2.1 255.255.255.255 Null0 name NULL_ROUTE_FOR_CYMRU_BOGONS

route-map CYMRU-BOGONS permit 10
 description BOGONS LIST FOR URPF FILTERING
 match community CYMRU-BOGONS
 ! Every accepted prefix recurses through 192.0.2.1 to Null0. This is what makes
 ! the reverse-path check on the external interface fail for bogon sources.
 set ip next-hop 192.0.2.1
 ! No later permit clause appears on this page. A route-map ends in an implicit
 ! deny, so routes without the community are not accepted from these peers.

! BGP sessions to the bogon route servers. The sessions are receive-only:
! CYMRU-OUT denies every IPv4 prefix of any length (0.0.0.0/0 le 32) and is
! applied outbound below, so nothing is advertised to the feed.
ip prefix-list CYMRU-OUT seq 10 deny 0.0.0.0/0 le 32
! NOTE(review): 65504 and 65000 are both private-use AS numbers and look like
! example values. Use the ASNs agreed for your own session.
router bgp 65504
 bgp log-neighbor-changes
 neighbor CYMRU peer-group
 neighbor CYMRU remote-as 65000
 neighbor CYMRU description CYMRU BOGONS LIST
 ! The peers are not directly connected, so allow the eBGP session to cross up
 ! to 255 hops.
 neighbor CYMRU ebgp-multihop 255
 ! Enables TCP MD5 authentication on the session. The "7" means the string that
 ! follows is in Cisco type 7 form, which is reversible obfuscation and not
 ! encryption. Handle any config export or backup containing this line as if it
 ! held the cleartext secret. The value shown looks like a placeholder.
 neighbor CYMRU password 7 1234567890
 ! Source the sessions from Loopback6, so the peer must be configured with that
 ! interface's address.
 neighbor CYMRU update-source Loopback6
 ! NOTE(review): the peer addresses are written in IPv6 form and look like
 ! placeholders. Confirm the real peer addresses out of band before use.
 neighbor 2000:B00:B00:10::2 peer-group CYMRU
 neighbor 2000:C00:C00:10::2 peer-group CYMRU

 address-family ipv4
  ! Keep a copy of the routes as received, so the inbound policy can be
  ! re-applied without resetting the session.
  neighbor CYMRU soft-reconfiguration inbound
  neighbor CYMRU prefix-list CYMRU-OUT out
  ! Only routes tagged with the bogon community are accepted. Each is rewritten
  ! to the Null0-routed next hop by the CYMRU-BOGONS route-map.
  neighbor CYMRU route-map CYMRU-BOGONS in
  ! NOTE(review): no maximum-prefix limit is configured for these peers. Every
  ! accepted prefix becomes a null route, so a cap sized to the chosen feed
  ! would bound the impact of a feed error or a compromised session.
  neighbor 2000:B00:B00:10::2 activate
  neighbor 2000:C00:C00:10::2 activate
  no auto-summary
  no synchronization
 exit-address-family
! ACL 100 is the exception list given to uRPF on the external interface. It is
! consulted only for packets that fail the reverse-path check: a permit entry
! forwards the packet despite the failure, and a deny entry drops it.
access-list 100 remark ---- ACL FOR URPF ----
! Let DHCP server-to-client replies (UDP source port 67, destination port 68)
! through even when their source fails the check.
! NOTE(review): presumably the external interface is a DHCP client. If it is
! statically addressed this exception may be unnecessary; confirm.
access-list 100 permit udp any eq bootps any eq bootpc
! Explicit drop for everything else that fails the check. The hit counter on
! this entry shows how much spoofed or bogon-sourced traffic is discarded.
! Adding the log keyword would also record the sources, at some CPU cost.
access-list 100 deny   ip any any

interface FastEthernet0
 description EXTERNAL
 ! Enable unicast RPF on the external interface, with ACL 100 deciding the fate
 ! of packets that fail. A source covered by an accepted bogon prefix resolves
 ! to Null0, not to this interface, so it fails the check.
 ip verify unicast reverse-path 100
! Exemption that keeps 192.168.0.0/16 out of the null-routed bogon set. Per the
! description below it was added to fix NAT-T; the page does not show the
! failure it addresses.
! This entry has no ge/le, so it matches only the exact prefix 192.168.0.0/16.
ip prefix-list CYMRU_NAT-T_FIX seq 10 permit 192.168.0.0/16

! Sequence 5 is evaluated before the permit 10 clause. Both match statements
! must be true, so only a feed route that is exactly 192.168.0.0/16 and carries
! the bogon community is rejected here.
! NOTE(review): this exempts the whole 192.168.0.0/16 range from the bogon sink.
! Packets arriving on the external interface with such a source are then
! judged only by whatever other route covers them. If they must still be
! filtered there, enforce it separately, for example with an inbound ACL.
route-map CYMRU-BOGONS deny 5
 description TO FIX NAT-T
 match ip address prefix-list CYMRU_NAT-T_FIX
 match community CYMRU-BOGONS