Difference between revisions of "Automatic Bogon Firewalling Using uRPF and Team Cymru"
Jump to navigation
Jump to search
(Created page with "interface FastEthernet0 description EXTERNAL ip verify unicast reverse-path 100 ! router bgp 65504 bgp log-neighbor-changes neighbor CYMRU peer-group neighbor CYMRU remot...") |
|||
| Line 1: | Line 1: | ||
| − | + | ip bgp-community new-format | |
| − | description | + | ip community-list expanded CYMRU-BOGONS permit 65000:888 |
| − | ip | + | ! |
| + | ip route 192.0.2.1 255.255.255.255 Null0 name NULL_ROUTE_FOR_CYMRU_BOGONS | ||
| + | ! | ||
| + | route-map CYMRU-BOGONS permit 10 | ||
| + | description BOGONS LIST FOR URPF FILTERING | ||
| + | match community CYMRU-BOGONS | ||
| + | set ip next-hop 192.0.2.1 | ||
| + | ! | ||
| + | ip prefix-list CYMRU-OUT seq 10 deny 0.0.0.0/0 le 32 | ||
! | ! | ||
router bgp 65504 | router bgp 65504 | ||
| Line 24: | Line 32: | ||
exit-address-family | exit-address-family | ||
! | ! | ||
| − | ip | + | access-list 100 remark ---- ACL FOR URPF ---- |
| + | access-list 100 permit udp any eq bootps any eq bootpc | ||
| + | access-list 100 deny ip any any | ||
! | ! | ||
| − | + | interface FastEthernet0 | |
| − | + | description EXTERNAL | |
| − | + | ip verify unicast reverse-path 100 | |
| − | ip | ||
! | ! | ||
| + | |||
| + | |||
| + | |||
ip prefix-list CYMRU_NAT-T_FIX seq 10 permit 192.168.0.0/16 | ip prefix-list CYMRU_NAT-T_FIX seq 10 permit 192.168.0.0/16 | ||
| − | |||
| − | |||
| − | |||
| − | |||
! | ! | ||
route-map CYMRU-BOGONS deny 5 | route-map CYMRU-BOGONS deny 5 | ||
| Line 42: | Line 50: | ||
match community CYMRU-BOGONS | match community CYMRU-BOGONS | ||
! | ! | ||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 10:36, 8 November 2013
ip bgp-community new-format ip community-list expanded CYMRU-BOGONS permit 65000:888 ! ip route 192.0.2.1 255.255.255.255 Null0 name NULL_ROUTE_FOR_CYMRU_BOGONS ! route-map CYMRU-BOGONS permit 10
description BOGONS LIST FOR URPF FILTERING match community CYMRU-BOGONS set ip next-hop 192.0.2.1
! ip prefix-list CYMRU-OUT seq 10 deny 0.0.0.0/0 le 32 ! router bgp 65504
bgp log-neighbor-changes neighbor CYMRU peer-group neighbor CYMRU remote-as 65000 neighbor CYMRU description CYMRU BOGONS LIST neighbor CYMRU ebgp-multihop 255 neighbor CYMRU password 7 1234567890 neighbor CYMRU update-source Loopback6 neighbor 2000:B00:B00:10::2 peer-group CYMRU neighbor 2000:C00:C00:10::2 peer-group CYMRU ! address-family ipv4 neighbor CYMRU soft-reconfiguration inbound neighbor CYMRU prefix-list CYMRU-OUT out neighbor CYMRU route-map CYMRU-BOGONS in neighbor 2000:B00:B00:10::2 activate neighbor 2000:C00:C00:10::2 activate no auto-summary no synchronization exit-address-family
! access-list 100 remark ---- ACL FOR URPF ---- access-list 100 permit udp any eq bootps any eq bootpc access-list 100 deny ip any any ! interface FastEthernet0
description EXTERNAL ip verify unicast reverse-path 100
!
ip prefix-list CYMRU_NAT-T_FIX seq 10 permit 192.168.0.0/16 ! route-map CYMRU-BOGONS deny 5
description TO FIX NAT-T match ip address prefix-list CYMRU_NAT-T_FIX match community CYMRU-BOGONS
!