FAELIX/hphr
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add hphr-*-LONG-* versions of prefix-lists

Browse Source
This commit is contained in:
FAELIX SALT
2020-03-29 17:02:08 +00:00
parent 5f44c407dc
commit d8600e464e
1 changed files with 349 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

350
vyos.conf.j2
View File

@ -228,7 +228,9 @@ protocols {
bgp {{ bgp_as }} { bgp {{ bgp_as }} {
parameters { parameters {
router-id {{ as_data['parameters']['router-id'] }} router-id {{ as_data['parameters']['router-id'] }}
default no-ipv4-unicast default {
no-ipv4-unicast
}
} }
{% if as_data.get('address-family',None) %} {% if as_data.get('address-family',None) %}
address-family { address-family {
@ -481,6 +483,97 @@ policy {
} }
} }
prefix-list hphr-DFZ-LONG-IPv4 {
rule 100 {
prefix 192.168.0.0/16
description "RFC1918"
le 32
action deny
}
rule 101 {
prefix 172.16.0.0/12
description "RFC1918"
le 32
action deny
}
rule 102 {
prefix 10.0.0.0/8
description "RFC1918"
le 32
action deny
}
rule 103 {
prefix 169.254.0.0/16
description "link-local"
le 32
action deny
}
rule 104 {
prefix 100.64.0.0/10
description "CGNAT"
le 32
action deny
}
rule 105 {
prefix 127.0.0.0/8
description "loopback"
le 32
action deny
}
rule 106 {
prefix 192.0.0.0/24
description "IETF protocol assignments"
le 32
action deny
}
rule 107 {
prefix 192.0.2.0/24
description "TEST-NET-1"
le 32
action deny
}
rule 108 {
prefix 198.18.0.0/15
description "Network interconnect device benchmark testing"
le 32
action deny
}
rule 109 {
prefix 198.51.100.0/24
description "TEST-NET-2"
le 32
action deny
}
rule 110 {
prefix 203.0.113.0/24
description "TEST-NET-3"
le 32
action deny
}
rule 111 {
prefix 224.0.0.0/4
description "multicast"
le 32
action deny
}
rule 112 {
prefix 240.0.0.0/4
description "reserved"
le 32
action deny
}
rule 1000 {
prefix 0.0.0.0/0
le 32
action permit
}
rule 65535 {
prefix 0.0.0.0/0
le 32
action deny
}
}
prefix-list hphr-DFZ-DEFAULT-IPv4 { prefix-list hphr-DFZ-DEFAULT-IPv4 {
rule 10 { rule 10 {
prefix 0.0.0.0/0 prefix 0.0.0.0/0
@ -576,6 +669,101 @@ policy {
} }
} }
prefix-list hphr-DFZ-DEFAULT-LONG-IPv4 {
rule 10 {
prefix 0.0.0.0/0
action permit
}
rule 100 {
prefix 192.168.0.0/16
description "RFC1918"
le 32
action deny
}
rule 101 {
prefix 172.16.0.0/12
description "RFC1918"
le 32
action deny
}
rule 102 {
prefix 10.0.0.0/8
description "RFC1918"
le 32
action deny
}
rule 103 {
prefix 169.254.0.0/16
description "link-local"
le 32
action deny
}
rule 104 {
prefix 100.64.0.0/10
description "CGNAT"
le 32
action deny
}
rule 105 {
prefix 127.0.0.0/8
description "loopback"
le 32
action deny
}
rule 106 {
prefix 192.0.0.0/24
description "IETF protocol assignments"
le 32
action deny
}
rule 107 {
prefix 192.0.2.0/24
description "TEST-NET-1"
le 32
action deny
}
rule 108 {
prefix 198.18.0.0/15
description "Network interconnect device benchmark testing"
le 32
action deny
}
rule 109 {
prefix 198.51.100.0/24
description "TEST-NET-2"
le 32
action deny
}
rule 110 {
prefix 203.0.113.0/24
description "TEST-NET-3"
le 32
action deny
}
rule 111 {
prefix 224.0.0.0/4
description "multicast"
le 32
action deny
}
rule 112 {
prefix 240.0.0.0/4
description "reserved"
le 32
action deny
}
rule 1000 {
prefix 0.0.0.0/0
le 32
action permit
}
rule 65535 {
prefix 0.0.0.0/0
le 32
action deny
}
}
prefix-list6 hphr-NO-IPv6 { prefix-list6 hphr-NO-IPv6 {
rule 1 { rule 1 {
prefix ::/0 prefix ::/0
@ -682,6 +870,84 @@ policy {
} }
} }
prefix-list6 hphr-DFZ-LONG-IPv6 {
rule 100 {
prefix ::/128
description "not self"
action deny
}
rule 101 {
prefix ::1/128
description "self"
action deny
}
rule 102 {
prefix ::ffff:0:0/96
description "IPv4-mapped"
le 128
action deny
}
rule 103 {
prefix ::/96
description "IPv4-compatible"
le 128
action deny
}
rule 104 {
prefix 100::/64
description "RTBH addresses"
le 128
action deny
}
rule 105 {
prefix 2001:10::/28
description "ORCHID addresses"
le 128
action deny
}
rule 106 {
prefix 2001:db8::/32
description "documentation prefix"
le 128
action deny
}
rule 107 {
prefix fc00::/7
description "ULA address"
le 128
action deny
}
rule 108 {
prefix fe80::/10
description "link-local"
le 128
action deny
}
rule 109 {
prefix fec0::/10
description "site-local"
le 128
action deny
}
rule 110 {
prefix ff0e::/16
description "global multicast"
le 64
action permit
}
rule 111 {
prefix ff00::/8
description "multicast"
le 128
action deny
}
rule 1000 {
prefix ::/0
le 128
action permit
}
}
prefix-list6 hphr-DFZ-DEFAULT-IPv6 { prefix-list6 hphr-DFZ-DEFAULT-IPv6 {
rule 10 { rule 10 {
prefix ::/0 prefix ::/0
@ -764,6 +1030,88 @@ policy {
} }
} }
prefix-list6 hphr-DFZ-DEFAULT-LONG-IPv6 {
rule 10 {
prefix ::/0
action permit
}
rule 100 {
prefix ::/128
description "not self"
action deny
}
rule 101 {
prefix ::1/128
description "self"
action deny
}
rule 102 {
prefix ::ffff:0:0/96
description "IPv4-mapped"
le 128
action deny
}
rule 103 {
prefix ::/96
description "IPv4-compatible"
le 128
action deny
}
rule 104 {
prefix 100::/64
description "RTBH addresses"
le 128
action deny
}
rule 105 {
prefix 2001:10::/28
description "ORCHID addresses"
le 128
action deny
}
rule 106 {
prefix 2001:db8::/32
description "documentation prefix"
le 128
action deny
}
rule 107 {
prefix fc00::/7
description "ULA address"
le 128
action deny
}
rule 108 {
prefix fe80::/10
description "link-local"
le 128
action deny
}
rule 109 {
prefix fec0::/10
description "site-local"
le 128
action deny
}
rule 110 {
prefix ff0e::/16
description "global multicast"
le 64
action permit
}
rule 111 {
prefix ff00::/8
description "multicast"
le 128
action deny
}
rule 1000 {
prefix ::/0
le 128
action permit
}
}
prefix-list hphr-BLACKHOLE-IPv4 { prefix-list hphr-BLACKHOLE-IPv4 {
rule 1 { rule 1 {
prefix 0.0.0.0/0 prefix 0.0.0.0/0