avoid transit because of default route
Kees Meijs | Nefos
kees at nefos.nl
Mon Jul 27 11:22:17 CEST 2020
Hi Julien,
I would use packet filtering for that (i.e. iptables or alike).
Regards,
Kees
On 27-07-2020 11:13, Julien Sansonnens wrote:
> Dear list,
>
> I only export three prefixes I own to my peers and upstreams.
>
> In theory, nothing prevents one of my peers to choose my router as
> default route (without my consent), and to pass his packets through my
> network (only in output, therefore).
>
> How to prevent this abuse? It doesn't depend on the BGP layer, but on
> the IP kernel isn't it ?
> Is it common to filter incoming IP packets according to their
> destination?
>
> Cheers, julien
More information about the Bird-users
mailing list