It uses `bird` on Linux as the BGP announcer. My hardware is a RouterBOARD 750G r2, but you can use whatever you want/have.
- Install `bird`.
- Install `python3` if you don't have it yet.
- A minimal `bird` config is presented here. Read the comments inside.
- Run `bgp_getter.py` to get the latest RKN blacklisted IPs, generate the `bird` config and restart the bird service. Run it from cron, for instance.

Another version using z-i repo
- Get the latest dump.
- Parse it and build the bird config.
- Restart bird.

I use it in cron like this:

```
0 6 * * * curl https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv -o /root/rkn_ip_dump.csv
4 6 * * * python /root/repos/rkn_handler/parser.py
8 6 * * * systemctl restart bird.service
```

The minimal RouterOS config looks like this, where:
- 10.0.100.100 is my VPN gateway.
- 192.168.88.149 is my Linux box running bird.
- 192.168.88.1 is my router.

```
# BGP session from the router to the Linux box running bird
/routing bgp peer
add address-families=ip as-override=no comment=\
    "https://github.com/house-of-vanity/rkn_handler" default-originate=never \
    disabled=no hold-time=4m in-filter=bgp_in instance=local \
    multihop=yes name=miku \
    nexthop-choice=default out-filter="" passive=no remote-address=\
    192.168.88.149 remote-as=65433 remove-private-as=no route-reflect=no \
    tcp-md5-key="" ttl=default use-bfd=no
# Rewrite the next hop of every received prefix to the VPN gateway
/routing filter
add action=accept \
    chain=bgp_in comment="Set nexthop to VPN" \
    disabled=no invert-match=no \
    set-bgp-prepend-path="" \
    set-in-nexthop=10.0.100.100
# Local BGP instance on the router
/routing bgp instance
add as=64999 client-to-client-reflection=yes \
    disabled=no ignore-as-path-len=yes name=local out-filter="" \
    redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no \
    redistribute-rip=no redistribute-static=no router-id=192.168.88.1 \
    routing-table=""
```

P.S. Change the ACCURACY parameter if your router can handle more/less prefixes.
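
The cron pipeline above turns a downloaded `dump.csv` into routes on the router, so the parse step is the place to validate that input before bird is restarted. The following is an added example, not the repository's `parser.py`: it assumes the dump has an `Updated:` header line followed by `;`-separated records whose first field holds ` | `-separated IPs or subnets, and `DENY`, `MIN_PREFIX_LEN`, `MAX_ROUTES` and the `route <prefix> unreachable;` output form are illustrative choices.

```python
import ipaddress

# Never announce these: a route here would pull LAN, loopback or multicast
# traffic towards the VPN next hop set by the RouterOS bgp_in filter.
DENY = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
MIN_PREFIX_LEN = 16    # assumed policy: refuse anything wider than a /16
MAX_ROUTES = 200000    # assumed ceiling; size it to what the router can hold

# Constructed sample in the assumed dump.csv layout (not real registry data).
SAMPLE_DUMP = """Updated: 2020-01-01 12:00:00 +0000
198.51.100.6 | 198.51.100.7;example.com;http://example.com/;org;1-23;2019-01-01
203.0.113.0/24;;;org;2-34;2019-01-02
203.0.113.55;example.net;;org;3-45;2019-01-03
192.168.88.1 | 0.0.0.0/0;bad.example;;org;4-56;2019-01-04
not-an-ip;;;org;5-67;2019-01-05
"""

def parse_dump(text):
    """Return (set of accepted IPv4 networks, list of rejected tokens)."""
    nets, rejected = set(), []
    for line in text.splitlines()[1:]:            # skip the "Updated:" header
        for token in line.split(";", 1)[0].split("|"):
            token = token.strip()
            if not token:
                continue
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                rejected.append(token)
                continue
            if (net.version != 4 or net.prefixlen < MIN_PREFIX_LEN
                    or any(net.overlaps(d) for d in DENY)):
                rejected.append(token)
            else:
                nets.add(net)
    return nets, rejected

def build_routes(text):
    """Return (bird static route lines, rejected tokens); raise on a bad dump."""
    nets, rejected = parse_dump(text)
    merged = list(ipaddress.collapse_addresses(nets))
    if not merged or len(merged) > MAX_ROUTES:
        # Empty or oversized output: keep the previous config, do not restart.
        raise ValueError("refusing to write config: %d routes" % len(merged))
    # Emit the canonical form from ipaddress, never the raw feed text.
    return ["route %s unreachable;" % n for n in merged], rejected
```

On the sample, the two adjacent hosts collapse into one /31, the host inside 203.0.113.0/24 is absorbed, and the LAN address, the default route and the malformed token are returned as rejected so they can be logged.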