On Tue, Mar 29, 2022 at 09:53:56AM +0200, Laurent CARON wrote: > Hi, > > I'm happily running several OpenBGPd routers (Openbsd 7.0). > > After having applied the folloxing filters (to blackhole traffic from > certain countries): > > include "/etc/bgpd/deny-asn.ru.bgpd" > include "/etc/bgpd/deny-asn.by.bgpd" > include "/etc/bgpd/deny-asn.ua.bgpd" > > > # head /etc/bgpd/deny-asn.ru.bgpd > match from any AS 2148 set { localpref 250 nexthop blackhole } > match from any AS 2585 set { localpref 250 nexthop blackhole } > match from any AS 2587 set { localpref 250 nexthop blackhole } > match from any AS 2599 set { localpref 250 nexthop blackhole } > match from any AS 2766 set { localpref 250 nexthop blackhole } > match from any AS 2848 set { localpref 250 nexthop blackhole } > match from any AS 2854 set { localpref 250 nexthop blackhole } > match from any AS 2875 set { localpref 250 nexthop blackhole } > match from any AS 2878 set { localpref 250 nexthop blackhole } > match from any AS 2895 set { localpref 250 nexthop blackhole } >
You should really use as-set for this: as-set ru-set { 2148 2585 2587 ... } And also not match any (at least I think you don't really want that to match on ibgp sessions): match from ebgp AS as-set ru-set set { localpref 250 nexthop blackhole } If done right you can replace all your rules by one single one. -- :wq Claudio