filter.txt 1.5 KB

123456789101112131415161718192021222324252627282930313233
  1. # For Quagga Rules:
  2. # cat filter.txt | \
  3. # grep -e ^[0-9] | \
  4. # awk '{ print "ip prefix-list dn42-in seq " $1 " " $2 " " $3 " ge " $4 " le " $5}' | \
  5. # sed "s_/\([0-9]\+\) ge \1_/\1_g;s_/\([0-9]\+\) le \1_/\1_g"
  6. #
  7. # For BIRD Rules: (see also: utils/bgp-filter.rb)
  8. # cat filter.txt | \
  9. # awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n" } \
  10. # /^[0-9]/ && $2 ~ /permit/ {printf " %s{%s,%s},\n", $3, $4, $5};' | \
  11. # sed "$ s/,$/\n ];\n}/"
  12. # The rules MUST be sorted by the number column first and then the first matching rule MUST be used.
  13. # ROAs MUST be checked against these rules and max-length of the ROA NUST NOT be longer than allowed by the matching rule.
  14. #Nr Action Prefix MinLen MaxLen
  15. 0001 deny 172.22.166.0/24 24 32 # Black List due not responding to abuse mails after wiki grief.
  16. 1001 permit 172.20.0.0/24 28 32 # dn42 Anycast range
  17. 1002 permit 172.21.0.0/24 28 32 # dn42 Anycast range
  18. 1003 permit 172.22.0.0/24 28 32 # dn42 Anycast range
  19. 1004 permit 172.23.0.0/24 28 32 # dn42 Anycast range
  20. 1100 permit 172.20.0.0/14 21 29 # dn42 main net
  21. 2001 permit 10.100.0.0/14 14 32 # chaosvpn
  22. 2002 permit 10.127.0.0/16 16 32 # neonetwork
  23. 2003 permit 10.0.0.0/8 15 24 # freifunk
  24. 3001 permit 172.31.0.0/16 16 32 # chaosvpn
  25. 9999 deny 0.0.0.0/0 0 32 # block the rest