Hi
Please help me with my issue.
I need to block a list of 150 ASes. How can I do it?
Hi @Opacha
You can configure the community-list:
https://docs.vyos.io/en/latest/configuration/policy/community-list.html#bgp-community-list
Use the as-path-list policy together with a route-map denying the ASNs that match your regex.
policy {
    as-path-list BLOCK-ASNS {
        rule 10 {
            action permit
            description "IANA reserved"
            regex _6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-9]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_
        }
    }
    route-map BGP-BLOCK-ASNS-IN-v4 {
        rule 10 {
            action deny
            match {
                as-path BLOCK-ASNS
            }
        }
    }
}
protocols {
    bgp 65000 {
        neighbor 192.0.2.1 {
            description "Peering1"
            remote-as 65001
            address-family {
                ipv4-unicast {
                    route-map {
                        import BGP-BLOCK-ASNS-IN-v4
                    }
                }
            }
        }
    }
}
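For a list of 150 specific ASNs rather than a numeric range, the same as-path-list mechanism works with one `_ASN_` alternative per ASN. The script below is an added example, not part of the original post or of VyOS: it generates the `policy as-path-list` block from a plain list of ASNs (split across several rules so no single regex gets unwieldy) and lets you check sample AS paths against any as-path regex before applying it. The ASN list, list name and chunk size are constructed assumptions.

```python
import re
from typing import Iterable, List

# FRR/VyOS as-path regexes use "_" as a boundary token: it matches the start
# or end of the path, a space, or the delimiters used inside AS_SETs.
# This is the equivalent Python construct (assumption: matches FRR's documented set).
_FRR_BOUNDARY = r"(?:^|$|[ ,(){}])"


def frr_to_python(regex: str) -> str:
    """Translate an FRR-style as-path regex into a Python `re` pattern."""
    return regex.replace("_", _FRR_BOUNDARY)


def as_path_matches(regex: str, as_path: str) -> bool:
    """True if a space-separated AS path would be matched by the as-path-list regex."""
    return re.search(frr_to_python(regex), as_path) is not None


def asn_rules(asns: Iterable[int], per_rule: int = 10) -> List[str]:
    """Group ASNs into regexes with at most `per_rule` alternatives each.
    Anchoring with "_" on both sides makes 65001 match only as a whole ASN,
    so it does not also catch 165001 or 650010."""
    uniq = sorted(set(asns))
    return ["|".join(f"_{a}_" for a in uniq[i:i + per_rule])
            for i in range(0, len(uniq), per_rule)]


def render_as_path_list(name: str, asns: Iterable[int], per_rule: int = 10) -> str:
    """Render a VyOS `policy as-path-list` block, one permit rule per regex chunk.
    Pair it with a route-map deny rule as in the configuration above."""
    lines = ["policy {", f"    as-path-list {name} {{"]
    for i, regex in enumerate(asn_rules(asns, per_rule), start=1):
        lines += [f"        rule {i * 10} {{", "            action permit",
                  f"            regex {regex}", "        }"]
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample ASNs (documentation/private range), standing in for the real list.
    BLOCKED = list(range(64496, 64508)) + [65001, 65002]
    print(render_as_path_list("BLOCK-ASNS", BLOCKED))
    for path in ("65001 64496", "3356 1299 13335"):
        hit = any(as_path_matches(r, path) for r in asn_rules(BLOCKED))
        print(f"{path!r} -> {'deny' if hit else 'pass'}")
```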
I suggest you subscribe (free) to the CYMRU bogon filter lists: https://team-cymru.com/community-services/bogon-reference/. I receive 1468 prefixes, which we dump to null, including all of the IANA reserved ranges, and they keep up on bad actors. IPv4 and IPv6.
I’ve been using CYMRU for a long time. I just used the IANA reserved prefixes as an example to demonstrate how to use as-path-list.