Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

BGP: Basic Filter Policy for BOGON ASNs and IPs

Post Reply
 
User avatar
andrewe02000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 69
Joined: Tue Aug 28, 2012 6:33 am
Location: Canton, OH
Contact:
Contact andrewe02000

BGP: Basic Filter Policy for BOGON ASNs and IPs

Fri Apr 17, 2020 9:08 pm

This is my basic BGP filtering setup that I wanted to share for others to help clean up the internet. Don't forget to drop your own networks inbound.
Code: Select all
/routing filter
add action=discard bgp-as-path="\\b(0)\\b" chain=bgp_in_filter comment=\
    "Reserved RFC7607"
add action=discard bgp-as-path="\\b(23456)\\b" chain=bgp_in_filter comment=\
    "AS_TRANS RFC6793"
add action=discard bgp-as-path="\\b(6449[6-9]|6450[0-9]|6451[01])\\b" chain=\
    bgp_in_filter comment="Reserved for use in docs and code RFC5398"
add action=discard bgp-as-path="\\b(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65\
    [0-4][0-9]{2}|655[0-2][0-9]|6553[0-4])\\b" chain=bgp_in_filter comment=\
    "Reserved for Private Use RFC6996"
add action=discard bgp-as-path="\\b(65535)\\b" chain=bgp_in_filter comment=\
    "Reserved RFC7300"
add action=discard bgp-as-path="\\b(6553[6-9]|6554[0-9]|6555[01])\\b" chain=\
    bgp_in_filter comment="Reserved for use in docs and code RFC5398"
add action=discard bgp-as-path="\\b(6555[2-9]|655[6-9][0-9]|65[6-9][0-9]{2}|6[\
    6-9][0-9]{3}|[7-9][0-9]{4}|1[0-2][0-9]{4}|130[0-9]{3}|1310[0-6][0-9]|13107\
    [01])\\b" chain=bgp_in_filter comment=\
    "Reserved for use in docs and code RFC5398"
add action=discard bgp-as-path="\\b(42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8]\
    [0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|429496\
    72[0-8][0-9]|429496729[0-4])\\b" chain=bgp_in_filter comment=\
    "Reserved for Private Use RFC6996"
add action=discard bgp-as-path="\\b(4294967295)\\b" chain=bgp_in_filter \
    comment="Reserved RFC7300"
add action=discard chain=bgp_in_filter prefix=0.0.0.0/8 prefix-length=8-32
add action=discard chain=bgp_in_filter prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=bgp_in_filter prefix=100.64.0.0/10 prefix-length=\
    10-32
add action=discard chain=bgp_in_filter prefix=127.0.0.0/8 prefix-length=8-32
add action=discard chain=bgp_in_filter prefix=169.254.0.0/16 prefix-length=\
    16-32
add action=discard chain=bgp_in_filter prefix=172.16.0.0/12 prefix-length=\
    12-32
add action=discard chain=bgp_in_filter prefix=192.0.2.0/24 prefix-length=\
    24-32
add action=discard chain=bgp_in_filter prefix=192.168.0.0/16 prefix-length=\
    16-32
add action=discard chain=bgp_in_filter prefix=224.0.0.0/3 prefix-length=3-32
add action=accept chain=bgp_in_filter
Top
Post Reply

Who is online

Users browsing this forum: rextended and 48 guests
  4. RouterOS
  5. Forwarding Protocols