Automatic Bogon Firewalling Using uRPF and Team Cymru

From Baranoski.ca

Revision as of 10:27, 8 November 2013

! Strict uRPF on the external interface. Packets that fail the check are
! tested against ACL 100.
interface FastEthernet0
 description EXTERNAL
 ip verify unicast reverse-path 100
!
router bgp 65504
 bgp log-neighbor-changes
 neighbor CYMRU peer-group
 neighbor CYMRU remote-as 65000
 neighbor CYMRU description CYMRU BOGONS LIST
 neighbor CYMRU ebgp-multihop 255
 neighbor CYMRU password 7 1234567890
 neighbor CYMRU update-source Loopback6
 neighbor 2000:B00:B00:10::2 peer-group CYMRU
 neighbor 2000:C00:C00:10::2 peer-group CYMRU
 !
 address-family ipv4
  neighbor CYMRU soft-reconfiguration inbound
  neighbor CYMRU prefix-list CYMRU-OUT out
  neighbor CYMRU route-map CYMRU-BOGONS in
  neighbor 2000:B00:B00:10::2 activate
  neighbor 2000:C00:C00:10::2 activate
  no auto-summary
  no synchronization
 exit-address-family
!
! Null route used as the next hop for accepted bogon prefixes
! (set in route-map CYMRU-BOGONS permit 10).
ip route 192.0.2.1 255.255.255.255 Null0 name NULL_ROUTE_FOR_CYMRU_BOGONS
!
ip bgp-community new-format
ip community-list expanded CYMRU-BOGONS permit 65000:888
!
! Advertise nothing to the CYMRU peers.
ip prefix-list CYMRU-OUT seq 10 deny 0.0.0.0/0 le 32
!
ip prefix-list CYMRU_NAT-T_FIX seq 10 permit 192.168.0.0/16
!
! Let DHCP server-to-client traffic through even when it fails uRPF;
! drop everything else that fails.
access-list 100 remark ---- ACL FOR URPF ----
access-list 100 permit udp any eq bootps any eq bootpc
access-list 100 deny ip any any
!
! Reject 192.168.0.0/16 from the bogon feed so it is not null-routed.
route-map CYMRU-BOGONS deny 5
 description TO FIX NAT-T
 match ip address prefix-list CYMRU_NAT-T_FIX
 match community CYMRU-BOGONS
!
route-map CYMRU-BOGONS permit 10
 description BOGONS LIST FOR URPF FILTERING
 match community CYMRU-BOGONS
 set ip next-hop 192.0.2.1