Question about closing port 179

Hi,

I would like to know how I can avoid leaving port 179 open but continue using BGP in my services…

Do I need to keep a port open to keep using BGP? Is it possible to close it?

TCP 179 needs to be open, as your BGP peers must be able to open a TCP connection themselves.
But you can firewall this port, only allowing your hardcoded BGP peers.

There is an option if all neighbors have the "passive" mode configured.
In that case, the neighbors shouldn't initiate a connection to port 179.
I.e. only the needed router will initiate the connection, from a random port to port 179 of each neighbor.

Example of the main router (where destination port 179 on this router is closed):

set protocols bgp 65002 neighbor 192.0.2.2 remote-as '65001'

Example of the router with the "passive" option:

set protocols bgp 65001 neighbor 192.0.2.1 passive
set protocols bgp 65001 neighbor 192.0.2.1 remote-as '65002'

Check neighbor from main router:

vyos@r12-lts:~$ show ip bgp neighbors | match "port"
Local host: 192.0.2.1, Local port: 50256
Foreign host: 192.0.2.2, Foreign port: 179
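The answer above suggests two complementary measures: letting only the initiating side listen on TCP 179, and firewalling that port so only the hardcoded peer can reach it. The following is an added configuration fragment, not part of the original post, that applies both to the two routers from the example. It assumes VyOS 1.3 firewall syntax, that `eth0` is the interface facing the peer, and the peer addresses already used above (192.0.2.1 for AS 65002, 192.0.2.2 for AS 65001); the rule-set names `PEER-LOCAL` and `INITIATOR-LOCAL` are chosen here for illustration.

```text
# --- Router 192.0.2.2 (AS 65001), the passive side that stays listening on TCP 179 ---
# Assumed interface eth0; rule-set name PEER-LOCAL is illustrative.
set protocols bgp 65001 neighbor 192.0.2.1 passive
set protocols bgp 65001 neighbor 192.0.2.1 remote-as '65002'

# Traffic addressed to the router itself: drop everything by default.
set firewall name PEER-LOCAL default-action 'drop'
# Allow replies on connections this router opened (e.g. its own management traffic).
set firewall name PEER-LOCAL rule 10 action 'accept'
set firewall name PEER-LOCAL rule 10 state established 'enable'
set firewall name PEER-LOCAL rule 10 state related 'enable'
# Accept new BGP sessions on TCP 179 only from the configured neighbor.
set firewall name PEER-LOCAL rule 20 action 'accept'
set firewall name PEER-LOCAL rule 20 protocol 'tcp'
set firewall name PEER-LOCAL rule 20 destination port '179'
set firewall name PEER-LOCAL rule 20 source address '192.0.2.1'
set interfaces ethernet eth0 firewall local name 'PEER-LOCAL'

# --- Router 192.0.2.1 (AS 65002), the "main" router that initiates the session ---
# Assumed interface eth0; rule-set name INITIATOR-LOCAL is illustrative.
set protocols bgp 65002 neighbor 192.0.2.2 remote-as '65001'

# No rule accepts inbound TCP 179 here: the neighbor is passive and never connects
# to us. Only the return half of the session we opened (from an ephemeral local
# port to 192.0.2.2:179) is allowed in via the established/related rule.
set firewall name INITIATOR-LOCAL default-action 'drop'
set firewall name INITIATOR-LOCAL rule 10 action 'accept'
set firewall name INITIATOR-LOCAL rule 10 state established 'enable'
set firewall name INITIATOR-LOCAL rule 10 state related 'enable'
set interfaces ethernet eth0 firewall local name 'INITIATOR-LOCAL'
```

After `commit`, `show ip bgp neighbors | match "port"` on the initiating router should show an ephemeral local port and foreign port 179, as in the output above. Two caveats when applying this: `passive` must be set on only one side, since two passive peers will wait for each other indefinitely and never establish a session; and a `local` rule-set with `default-action drop` also blocks SSH and other management traffic to the router unless you add rules for it, so test on a console or out-of-band connection first.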