So I'm still trying with a better set of defaults, filtering out the /27s in cerowrt... I asked the openwrt list how to do it right in uci (below)...

And something that makes my head hurt is dealing with exporting or not exporting the default static route installed by dhcp, along with just exporting the covering route.

So, ok: I presently do this in /etc/firewall.user

    ip route add unreachable 172.21.2.0/24 proto static

And in babeld.conf

1) Does this also export the default route? (not what I want by default)

    redistribute ip 0.0.0.0/0 le 24 allow
    redistribute local deny

(In internal gateways I usually turn off fetching the default route via dhcp, but I want a default setup that works right in all cases, and that sadly includes default routes set by dhcp)

2) Will this correctly export the default route if I changed it to allow? If a box isn't a default gateway should I put in a specific deny or allow line? Or use eq as I just did? or?

    redistribute ip 0.0.0.0/0 eq 0 deny
    redistribute ip 0.0.0.0/0 le 24 allow
    redistribute local deny

On Sat, Jul 12, 2014 at 4:10 PM, Dave Taht <dave.t...@bufferbloat.net> wrote:
> I have been trying to simplify my babel setup. I have
> 8 /27s out of a single /24 that I would like not
> to have to expose to the universe.
>
> I have 172.21.2.0/27, 172.21.2.64/27 etc
> on each of the 8 devices I have.
>
> But there is no need to export each /27, as these
> are out of a single /24.
>
> The way to do that is to setup /etc/babel.conf to only
> let /24s out...
>
>     redistribute ip 0.0.0.0/0 le 24 allow
>     redistribute local deny
>
> (this can also easily be expressed in the /etc/config/babeld
> file)
>
> And at the moment, I add this to /etc/firewall.user
> to add the covering route locally.
>
>     ip route add unreachable 172.21.2.0/24 proto static
>
> Boom, I go from exporting 16 routes to 1.
>
> Where I'm stuck is on how to express the above line
> inside of uci and luci. Luci demands both a specific
> interface name and a numeric destination, if you are
> trying this via the route method.
>
> If you try the otherwise promising uci newfangled "rule" method
> by adding something like this to /etc/config/network
>
>     config rule
>             option dest '172.21.2.0/24'
>             option action 'unreachable'
>
> You end up bricking the router's network setup.
>
> http://wiki.openwrt.org/doc/uci/network#routing.actions

-- 
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
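
Added example, not part of the original message and not babeld's own code: a simplified Python model of how the two redistribute rule sets quoted above would be evaluated against a constructed routing table, to show which prefixes each one announces. It assumes first-match-wins evaluation, that a rule without `local` applies only to non-local kernel routes, and that unmatched routes fall back to "announce local addresses, deny the rest"; the function names and the route table are hypothetical.

```python
import ipaddress

def parse_rule(line):
    """Parse one 'redistribute ...' line; only ip/eq/le/local selectors are modelled."""
    tok = line.split()
    if tok[0] != "redistribute" or tok[-1] not in ("allow", "deny"):
        raise ValueError("unsupported rule: " + line)
    rule = {"ip": None, "eq": None, "le": None, "local": False, "action": tok[-1]}
    sel = tok[1:-1]
    while sel:
        key = sel.pop(0)
        if key == "local":
            rule["local"] = True
        elif key == "ip":
            rule["ip"] = ipaddress.ip_network(sel.pop(0))
        elif key in ("eq", "le"):
            rule[key] = int(sel.pop(0))
        else:
            raise ValueError("unsupported selector: " + key)
    return rule

def matches(rule, net, is_local):
    # Assumption: a rule with 'local' matches only local addresses, and a rule
    # without it matches only non-local kernel routes.
    if rule["local"] != is_local:
        return False
    if rule["ip"] is not None and not net.subnet_of(rule["ip"]):
        return False
    if rule["eq"] is not None and net.prefixlen != rule["eq"]:
        return False
    if rule["le"] is not None and net.prefixlen > rule["le"]:
        return False
    return True

def exported(conf, routes):
    """Return the prefixes announced: the first matching rule decides each route."""
    rules = [parse_rule(l) for l in conf.strip().splitlines()]
    out = []
    for prefix, is_local in routes:
        net = ipaddress.ip_network(prefix)
        action = next((r["action"] for r in rules if matches(r, net, is_local)),
                      "allow" if is_local else "deny")  # assumed built-in default
        if action == "allow":
            out.append(prefix)
    return out

# Constructed routing table: (prefix, is_local_address)
ROUTES = [("0.0.0.0/0", False), ("172.21.2.0/24", False), ("172.21.2.0/27", False),
          ("172.21.2.64/27", False), ("172.21.2.1/32", True)]
FIRST = "redistribute ip 0.0.0.0/0 le 24 allow\nredistribute local deny"
SECOND = "redistribute ip 0.0.0.0/0 eq 0 deny\n" + FIRST
```

Under this model the first rule set announces the default route as well as the covering /24, because a prefix length of 0 satisfies `le 24`; putting the `eq 0 deny` line first leaves only the /24.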