Route Server

Here we describe an example configuration for the Route Server. In it, we connect to two Spamd Source systems, and we also provide access for Client systems.

Connections to the Spamd Sources are protected. For the Spamd Source peer "upA", TCP MD5 signatures are used. For connections to Spamd Source peer "downB", we will use IPsec with dynamic keying. The OpenBGPd daemon will set up the flows, and uses isakmpd(8) to manage the session keys.

The following bgpd.conf file is a sanitized version of the production configuration used by the reference server. IP addresses and the spamd-sources group are anonymized, but the rest is accurate.

/etc/bgpd.conf

    myAS="65066"

    AS $myAS
    router-id 203.0.113.113
    fib-update no
    nexthop qualify via default
    socket "/var/www/logs/bgpd.rsock" restricted

    group spamd-sources {
        multihop 64
        announce none
        # Neighbor upA - John Q Public - john.public@example.com
        neighbor 198.51.100.198 {
            descr "upA"
            remote-as 65198
            tcp md5sig key deadbeef
        }
        # Neighbor downB - Mike Bolton - mike@bolt.example.net
        neighbor 198.18.0.191 {
            descr "downB"
            remote-as 65191
            ipsec ah ike
        }
    }

    group RS {
        announce all
        set nexthop no-modify
        enforce neighbor-as no
        multihop 64
        ttl-security no
        holdtime min 60
        softreconfig in no

        neighbor 0.0.0.0/0 { passive }
    }

    deny from any
    allow from group spamd-sources
    allow to any

    # Ensure that an IP to be blacklisted is only a host entry
    deny from group spamd-sources inet prefixlen < 32
    deny from group spamd-sources inet6 prefixlen < 128

    # Set my own community, so clients have an easy way to filter
    match from group spamd-sources community neighbor-as:666 set community $myAS:666
    match from group spamd-sources community neighbor-as:42 set community $myAS:42
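The inbound filter rules above can be traced with a small model. This is an added example, not part of the original page or of OpenBGPD: a simplified Python model that assumes bgpd's rule evaluation, where rules are read in file order, the last matching allow/deny decides, and match rules only apply their set action. The function names, the client AS 64999 and the sample announcements are constructed for illustration.

```python
import ipaddress

MY_AS = 65066  # myAS in the page's bgpd.conf

# Inbound ("from") rules of the page's config, in file order:
# (action, group, test, tag). group None means "any".
def shorter_than_host(net, peer_as, comms):
    # Covers both "inet prefixlen < 32" and "inet6 prefixlen < 128".
    return net.prefixlen < net.max_prefixlen

def tagged(n):
    # "community neighbor-as:n": AS part must be the announcing peer's AS.
    return lambda net, peer_as, comms: (peer_as, n) in comms

RULES = [
    ("deny",  None,            None,              None),
    ("allow", "spamd-sources", None,              None),
    ("deny",  "spamd-sources", shorter_than_host, None),
    ("match", "spamd-sources", tagged(666),       666),
    ("match", "spamd-sources", tagged(42),        42),
]

def evaluate(group, peer_as, prefix, communities):
    """Return (verdict, communities) for one received announcement."""
    net = ipaddress.ip_network(prefix)
    comms = set(communities)
    verdict = None
    for action, rule_group, test, tag in RULES:
        if rule_group is not None and rule_group != group:
            continue
        if test is not None and not test(net, peer_as, comms):
            continue
        if action == "match":
            comms.add((MY_AS, tag))   # set community $myAS:N
        else:
            verdict = action          # last matching allow/deny wins
    return verdict, comms

# Constructed sample announcements (documentation prefixes, not real data).
SAMPLES = [
    ("spamd-sources", 65198, "192.0.2.25/32",    [(65198, 666)]),
    ("spamd-sources", 65198, "192.0.2.0/24",     [(65198, 666)]),
    ("spamd-sources", 65191, "2001:db8::25/128", [(65191, 42)]),
    ("spamd-sources", 65198, "192.0.2.26/32",    [(65191, 666)]),
    ("RS",            64999, "192.0.2.27/32",    [(64999, 666)]),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[2], *evaluate(*sample))
```

In this model a /24 from a Spamd Source and any announcement from a member of group RS are denied, and a host route is re-tagged with the route server's own community only when the source used its own AS in the community.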