Mon Jul 07, 2014 5:32 pm
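# RouterOS routing filters for a dual-homed BGP setup with two upstreams.
# Chain names must match the in-filter / out-filter configured on each BGP peer.
# Rules are evaluated top to bottom within a chain, so order matters.
# Comments sit on their own lines so the rules can be pasted as-is.
/routing filter

# ---- Inbound from ISP 1 ----
# Drop RFC1918 private space and any more-specific route inside it.
# NOTE: only RFC1918 is covered here. Other reserved ranges (for example
# 127.0.0.0/8, 169.254.0.0/16, 100.64.0.0/10) and your own announced prefix
# are not filtered; add discard rules for them in the same way if an upstream
# should never be able to hand them to you.
add action=discard chain=isp1_in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=isp1_in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=isp1_in prefix=172.16.0.0/12 prefix-length=12-32
# Accept the default route.
add action=accept chain=isp1_in prefix=0.0.0.0/0 prefix-length=0
# Accept anything with a /24 or shorter mask (routes longer than /24 are
# conventionally not carried over eBGP between providers).
add action=accept chain=isp1_in prefix=0.0.0.0/0 prefix-length=0-24
# Explicitly drop whatever is left (i.e. masks longer than /24). Without a
# terminal rule an unmatched route is not dropped on RouterOS v6, where the
# chain default is accept -- verify the default on your version.
add action=discard chain=isp1_in prefix=0.0.0.0/0 prefix-length=0-32

# ---- Inbound from ISP 2 (same policy as ISP 1) ----
add action=discard chain=isp2_in prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=isp2_in prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=isp2_in prefix=172.16.0.0/12 prefix-length=12-32
# Accept the default route.
add action=accept chain=isp2_in prefix=0.0.0.0/0 prefix-length=0
# Accept anything with a /24 or shorter mask.
add action=accept chain=isp2_in prefix=0.0.0.0/0 prefix-length=0-24
# Explicitly drop whatever is left.
add action=discard chain=isp2_in prefix=0.0.0.0/0 prefix-length=0-32

# ---- Outbound to ISP 1 ----
# Announce only your own prefix. Replace both placeholders before use:
#   yo.ur.pr.ef/ix      -> your prefix in CIDR form
#   YOUR_PREFIX_LENGTH  -> its mask length (24, 16, 22, or whatever applies)
# Optional: append set-bgp-prepend-path=YourAS to this rule to bias incoming
# traffic toward the other provider.
add action=accept chain=isp_1_out prefix=yo.ur.pr.ef/ix prefix-length=YOUR_PREFIX_LENGTH
# Reject everything else so you never leak other routes (or act as transit).
add action=reject chain=isp_1_out prefix=0.0.0.0/0 prefix-length=0-32

# ---- Outbound to ISP 2 (same policy as ISP 1) ----
# Replace the placeholders as above; optional set-bgp-prepend-path=YourAS.
add action=accept chain=isp_2_out prefix=yo.ur.pr.ef/ix prefix-length=YOUR_PREFIX_LENGTH
# Reject everything else.
add action=reject chain=isp_2_out prefix=0.0.0.0/0 prefix-length=0-32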