North American Network Operators Group

Re: Bogon filtering (don't ban me)
On 5 Dec 2004, at 13:31, william(at)elan.net wrote:

No -- pf is a packet filter, and in this case the rules for what filters to packet are being driven by BGP updates instead of static config. Nothing is being re-introduced from pf into BGP.

On Sun, 5 Dec 2004, william(at)elan.net wrote:
On Sun, 5 Dec 2004, Joe Abley wrote:

> PF and bgpd with local filter table is good when you're expecting those

> With OpenBSD 3.6 running pf and bgpd, you can apply a filter rule to BGP updates received from individual peers which updates a pf radix table with the network received:

It's very true that the routes received from the bogon servers don't change very often. However, I still very much like the idea of outsourcing the job of keeping my firewalls' bogon filters up-to-date to team cymru, rather than having to worry about doing it myself. I'm sure there are many ways to skin this particular house pet.

> For looking at active routes and seeing which ones match the rules I personally use "hacked" bird daemon, but it is not ready for public testing...

OpenBSD 3.6 let me do all this stuff out-of-the-box, without installing a single other package. I find that I like that; not having to compile and tweak stuff makes me happy. I guess I'm getting old.

Joe
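
A sketch of the setup the message describes, added here as an illustration and not taken from the original post: OpenBSD bgpd copies every prefix accepted from a bogon feed into a pf table, and pf drops traffic matching that table. The AS numbers, peer address, interface name and table name are placeholders, and `fib-update no` is an assumption that the box acts only as a filter and should not route on the feed.

```conf
# --- /etc/bgpd.conf (constructed example; all numbers and addresses are placeholders) ---
AS 64512
router-id 192.0.2.1
fib-update no                   # learn the prefixes but install nothing in the kernel routing table

neighbor 198.51.100.1 {
	descr		"bogon route server (placeholder address)"
	remote-as	64513
	multihop	255
	announce	none            # receive only, never advertise anything to the feed
}

# Default-deny, then accept updates only from the bogon feed and
# add each received prefix to the pf radix table named "bogons".
deny from any
allow from 198.51.100.1 set pftable "bogons"

# --- /etc/pf.conf (constructed example) ---
ext_if = "em0"                  # placeholder interface name

table <bogons> persist          # must exist, even when empty, so bgpd can populate it

# Drop traffic claiming a bogon source, and traffic headed to a bogon destination.
block in  quick on $ext_if from <bogons> to any
block out quick on $ext_if from any to <bogons>
```

Once the session is up, `pfctl -t bogons -T show` lists the prefixes bgpd has placed in the table; withdrawn prefixes are removed from it as the feed changes.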