Update bird/bird.conf.tmpl

bird/bird.conf.tmpl

@@ -21,9 +21,16 @@ ipv4 table lixonet;
 # Static routes
 # Define propagated routes here from the lixonet.conf "routes" variable
 # Attached to the above "lixonet" routing table; "provide" these routes into it
+# See how dn42 does it; we're very similar: https://dn42.net/howto/Bird
 protocol static {
-    ipv4 { table lixonet; };
+    ipv4 {
-    {{ if len "${routes:-}" }}{{ range "$routes" | split "," }}route {{.}} unreachable;{{ end }}{{ end }}
+        table lixonet;
+        import all;
+        export none;
+    };
+
+    # Announced networks
+    {{ if len "${routes:-}" }}{{ range "$routes" | split "," }}route {{.}} reject;{{ end }}{{ end }}
 };
 
 # Device
@@ -60,13 +67,14 @@ protocol kernel {               # Primary routing table
 # Define a series of filters for Lixonet routing policies:
 #  - Cannot advertise a route which is in the router subnet: typically 172.x.0.0/24
 # See: https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering
+# For syntax docs, see: https://bird.network.cz/?get_doc&v=16&f=bird-5.html
 
 # Returns TRUE if the given tested network is within the global network prefix for
 # Lixonet.  Used to filter networks outside of this range as they are not within
 # the global mesh network.
 function net_lixonet_global()
 {
-    return net ~ [ ${network_address}/${global_prefix:-16} ];
+    return net ~ [ ${network_address}/{${global_prefix:-16},32} ];
 }
 
 # Returns TRUE if the given tested network is within the router network prefix for
@@ -74,7 +82,7 @@ function net_lixonet_global()
 # for us.  Helps prevent a security vulnerability of hijacking another router.
 function net_lixonet_router()
 {
-    return net ~ [ ${network_address}/${router_prefix:-24} ];
+    return net ~ [ ${network_address}/{${router_prefix:-24},32} ];
 }
 
 filter lixonet_import