On Thu, Jan 05, 2017 at 06:15:00PM +0100, Ondrej Zajicek wrote:
> On Thu, Jan 05, 2017 at 05:53:40PM +0100, Ondrej Zajicek wrote:
> > On Thu, Jan 05, 2017 at 04:11:25PM +0000, Roger Whittaker wrote:
> > > I'm trying to use bird to help prevent spam as described here:
> > >
> > > https://debian-administration.org/article/715/Preventing_SPAM_connections_with_bird
> > >
> > > I understand very little about BGP, so I'm really using that article
> > > as a "recipe", and have used the config file there more or less as is,
> > > except for changing the router id setting and enabling logging (and
> > > I've increased scan time to 600).
> >
> > The reason for 'Hold timer expired' is funny. The IP address of
> > eu.bgp-spamd.net is also on the blacklist:
> >
> > bird> show route 217.31.80.170/32
> > 217.31.80.170/32 blackhole [bgp1 17:36:37 from 217.31.80.170] * (100) [AS65055i]
> >
> > Not sure if that is intentional or not.
>
> OK, seems like the route server is sending not just black list entries,
> but also other entries (white list?) mixed in, marked by BGP communities.
>
> So the original article is horribly mistaken.
>
> Blacklisted routes are only ones with (65066, 666) BGP community. So the
> import filter should look more like:
>
> filter route_import {
>         if !( (65066, 666) ~ bgp_community ) then reject;
>
>         dest = RTD_BLACKHOLE;
>         accept;
> }

Thanks very much for this - I can now at least get started with this idea
and see how it goes.

-- 
========================
Roger Whittaker
[email protected]
========================
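
An added example, not part of the original messages: a Python sketch that replays the thread's `(65066, 666)` community check over `show route all`-style text and flags any blackholed prefix that covers the BGP peer itself. Only 217.31.80.170 and the blacklist community come from the thread; the sample routes, the `(65066,1)` tag and the function names are constructed for illustration.

```python
import ipaddress
import re

BLACKLIST = (65066, 666)  # blacklist community named in the thread
PEER = "217.31.80.170"    # route server address shown in the thread

# Constructed sample laid out like BIRD 1.x `show route all` output.
# The (65066,1) tag and the 192.0.2.x / 198.51.100.x routes are placeholders.
SAMPLE = (
    "217.31.80.170/32   blackhole [bgp1 17:36:37 from 217.31.80.170] * (100) [AS65055i]\n"
    "\tType: BGP unicast univ\n"
    "\tBGP.community: (65066,1)\n"
    "192.0.2.45/32      blackhole [bgp1 17:36:37 from 217.31.80.170] * (100) [AS65055i]\n"
    "\tType: BGP unicast univ\n"
    "\tBGP.community: (65066,666)\n"
    "198.51.100.7/32    blackhole [bgp1 17:36:37 from 217.31.80.170] * (100) [AS65055i]\n"
    "\tType: BGP unicast univ\n"
)


def parse_routes(text):
    """Map each prefix to the set of (asn, value) communities listed under it."""
    routes, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a route
            current = ipaddress.ip_network(line.split()[0])
            routes[current] = set()
        elif current is not None and line.strip().startswith("BGP.community:"):
            pairs = re.findall(r"\((\d+),\s*(\d+)\)", line)
            routes[current] = {(int(a), int(b)) for a, b in pairs}
    return routes


def audit(routes, peer, check_community):
    """Return (blackholed, rejected, peer_hits) for an import filter that
    blackholes everything, or only BLACKLIST-tagged routes if check_community."""
    peer_ip = ipaddress.ip_address(peer)
    blackholed = [p for p, c in routes.items() if not check_community or BLACKLIST in c]
    rejected = [p for p in routes if p not in blackholed]
    peer_hits = [p for p in blackholed if peer_ip in p]  # routes that would cut off the session
    return blackholed, rejected, peer_hits


if __name__ == "__main__":
    for check in (False, True):
        held, dropped, hits = audit(parse_routes(SAMPLE), PEER, check)
        print(f"community check={check}: blackholed={len(held)} rejected={len(dropped)} "
              f"peer covered by={[str(h) for h in hits]}")
```

A non-empty `peer_hits` list is the condition behind the 'Hold timer expired' symptom described above: the session's own peer address ends up behind a blackhole route.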
