CRXN
/
docs
mirror of https://codeberg.org/CRXN/docs.git
1
0
Fork 0
Code Releases Activity
docs/docs/routing/bird/maxlen-filter.md

924 B
Raw Blame History

Implement max-len filter

To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length. The entitydb contains a bash script build_maxlen_filter.sh for this purpose. If you run this script, you will get a bird-compatible list.

define CRXN_IPs = [
    include "<path-to-file>";
];

function is_crxn_net() {
  return net ~ CRXN_IPs;
}

This bird configuration can be used to load the file. You have to replace <path-to-file> with the path of the filter file. The function is_crxn_net then checks whether a route complies with the rules or not.

if (! is_crxn_net() ) then {
    print "[CRXN] Invalid crxn route: ", net;
    reject;
}

This configuration can then be added to your import filter before 'accept'. The line with print is optional. If you leave this line, every hjack attempt will be logged in the bird log output.