nanog mailing list archives
Re: BGP38 egress filter on Ubuntu Server
From: William Herrin <bill () herrin us>
Date: Tue, 1 Jun 2021 23:39:07 -0700
On Tue, Jun 1, 2021 at 1:47 PM Stephen Satchell <list () satchell net> wrote:
Before I re-invent the wheel, has anyone come up with blackhole route specifications for netplan in Ubuntu servers? Such a capability would perform the egress blocking for an edge server. The table of blackhole routes I would set up:
Hi Stephen, I think you may be misunderstanding BCP 38. BCP 38 is about limiting -source- addresses. What you've described is bogon filtering on destination IP addresses. As far as I know, there's no BCP on bogon filtering although BCP 84 offers some relevant advice. BCP 38 is very simple: 1. If your IP address is 1.2.3.4 then drop any Internet-bound packets which purport to be -from- any address which is not 1.2.3.4. 2. If your IP address is 1.2.3.4 then drop any packets FROM the Internet which purport to be -from- 1.2.3.4. That's it! Regards, Bill Herrin -- William Herrin bill () herrin us https://bill.herrin.us/
Current thread:
- BGP38 egress filter on Ubuntu Server Stephen Satchell (Jun 01)
- Re: BGP38 egress filter on Ubuntu Server Chriztoffer Hansen (Jun 01)
- Re: BGP38 egress filter on Ubuntu Server Chriztoffer Hansen (Jun 01)
- Re: BGP38 egress filter on Ubuntu Server William Herrin (Jun 01)
- Re: BGP38 egress filter on Ubuntu Server Grant Taylor via NANOG (Jun 02)
- Re: BGP38 egress filter on Ubuntu Server Chriztoffer Hansen (Jun 01)