Blackhole by source address?

I’m currently receiving (on my MikroTik router) a list of “naughty” IP addresses by BGP. These are addresses that we’ve determined are attacking or otherwise probing our systems in an unacceptable way. I have my BGP filter setup to blackhole these addresses. So, even though they may try to talk to us, replies never get back to them.

Is there a way to match these blackhole routes on inbound traffic (basically match the source IP against the blackhole list) to eliminate the inbound traffic as well?

Sorry if I’m missing something, but it seems that this would be a common thing to do, but it’s definitely not obvious to me.

It’s a quite old post but maybe you didn’t find a solution for this.

What you would like to do doesn’t work with BGP. You can filter which prefixes you accept from your neighbour, but you can’t tell them to which ASes your prefix(es) should be announced and to which not. And even if it would work, it wouldn’t be a good idea, because there could be more (friendly) prefixes on this AS that wouldn’t get your prefix too.

However, the only thing you can do in this case is just filter the “bad” prefixes on the firewall.

  • Mat

Right, I wasn’t looking to filter outbound BGP announcements, I was more looking for a way to set up an IP filter on inbound traffic, matching the source IP address to the list of blackholed routes (which is dynamic, as it comes in over BGP). So I can drop inbound packets if the source address appears on the blackhole list…

Okay, I misunderstood your post.

Maybe this link could be helpful: http://wiki.mikrotik.com/wiki/Generate_bogons_firewall_chain_based_on_routing-marks
I think this is what you want… (more or less)

  • Mat
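The approach the thread arrives at, as an added example (not code from the thread, the poster, or the MikroTik wiki page linked above): a BGP blackhole route only affects the return path, so inbound packets from a blackholed source still reach the router and anything behind it. The script below periodically copies the destination prefixes of all current blackhole routes into a firewall address-list, and two filter rules drop inbound traffic whose source is on that list, which is the "match the source IP against the blackhole list" the original poster asked for. The list name `bgp-blackhole`, the script and scheduler name `sync-blackhole-list`, the five-minute interval and the RouterOS v6 route syntax (`type=blackhole`) are all assumptions made for this example; the wiki page linked above does the equivalent with routing-marks rather than the route type.

```routeros
# Added example, not from the thread: rebuild a firewall address-list from the
# blackhole routes currently in the routing table (static ones and those
# learned via BGP), so that inbound packets from those sources can be dropped.
# Assumed names: list "bgp-blackhole", script/scheduler "sync-blackhole-list".
# Assumes RouterOS v6 syntax, where a blackhole route has type=blackhole.

/system script add name=sync-blackhole-list source={
    # Flush the list first so prefixes withdrawn via BGP drop off the list too
    /ip firewall address-list remove [find list=bgp-blackhole]
    # Walk every blackhole route and copy its destination prefix into the list
    :foreach r in=[/ip route find type=blackhole] do={
        :local dst [/ip route get $r dst-address]
        /ip firewall address-list add list=bgp-blackhole address=$dst \
            comment="synced from blackhole route"
    }
}

# Re-run the sync every 5 minutes so the list tracks BGP updates
/system scheduler add name=sync-blackhole-list interval=5m \
    on-event=sync-blackhole-list

# Drop inbound packets from blackholed sources, both those addressed to the
# router itself (input) and those transiting it (forward); place-before=0
# puts the rules at the top of each chain so they are matched first
/ip firewall filter add chain=input src-address-list=bgp-blackhole \
    action=drop place-before=0 comment="drop sources blackholed via BGP"
/ip firewall filter add chain=forward src-address-list=bgp-blackhole \
    action=drop place-before=0 comment="drop sources blackholed via BGP"
```

Two points worth checking after deploying this: the list is rebuilt rather than updated in place, so there is a sub-second window on each run in which the list is empty; and because it matches every blackhole route, any blackhole you add by hand (for example to stop a local loop) will also start dropping inbound traffic from that prefix, which is usually what you want but should be known. The rule counters (`/ip firewall filter print stats`) and the address-list contents (`/ip firewall address-list print where list=bgp-blackhole`) are the quickest way to confirm that prefixes received over BGP are actually being matched.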