Update bird/bird.conf.tmpl

2020-05-21 01:04:35 +00:00 · 2020-05-21 01:04:35 +00:00 · 1b5e4d846d
commit 1b5e4d846d
parent abccbb60a7
1 changed files with 8 additions and 13 deletions
--- a/bird/bird.conf.tmpl
+++ b/bird/bird.conf.tmpl
@ -58,6 +58,7 @@ protocol kernel {               # Primary routing table
    persist;                # Don't remove routes on bird shutdown
    scan time 10;           # Scan kernel routing table every 10 seconds
    ipv4 {
+        table lixonet;
        import none;        # Don't try to import any routes from the kernel
        export all;         # Export everything we are told to the kernel
    };
@ -72,7 +73,7 @@ protocol kernel {               # Primary routing table
 # Returns TRUE if the given tested network is within the global network prefix for
 # Lixonet.  Used to filter networks outside of this range as they are not within
 # the global mesh network.
-function net_lixonet_global()
+function is_lixonet_global()
 {
    return net ~ [ ${network_address}/${global_prefix:-16}+ ];
 }
@ -80,22 +81,16 @@ function net_lixonet_global()
 # Returns TRUE if the given tested network is within the router network prefix for
 # Lixonet.  Used to filter these routes from BGP as Tinc statically assigns them
 # for us.  Helps prevent a security vulnerability of hijacking another router.
-function net_lixonet_router()
+function is_lixonet_router()
 {
    return net ~ [ ${network_address}/${router_prefix:-24}+ ];
 }

-filter lixonet_import
+filter lixonet_route_filter
 {
    # TODO: check RPKI here!
-    if net_lixonet_router() then reject; # Reject poisons
-    if net_lixonet_global() then accept; # Accept anything else
-    reject; # Reject anything else (non-Lixonet)
-}
-
-filter lixonet_export
-{
-    if net_lixonet_global() then accept; # Accept anything in LXN
+    if is_lixonet_router() then reject; # Reject poisons
+    if is_lixonet_global() then accept; # Accept anything else
    reject; # Reject anything else (non-Lixonet)
 }

@ -136,8 +131,8 @@ template bgp lixonet_client {
        # Set filters for both exported (sent) and imported (received) BGP prefixes.
        # This is explicitly required per RFC 8212, at least on export.
        # See: https://gitlab.labs.nic.cz/labs/bird/commit/3831b619661d08d935fd78656732cd2f339ff811
-        export filter lixonet_export;
-        import filter lixonet_import;
+        export filter lixonet_route_filter;
+        import filter lixonet_route_filter;
    };
 };