On 02/14/2018 10:52 AM, Grant Taylor wrote:
root@router# ip rule show
10: from all lookup local local
20: from all lookup main main
30: from all lookup reject reject
40: from all lookup bogons bogons
50: from all lookup spamhaus-drop spamhaus-drop
60: from all lookup spamhaus-edrop spamhaus-edrop
70: from all lookup dshield dshield
80: from all lookup default default
My routing tables are configured as such:

local = directly attached
main = routes for and to my LANs (no default)
reject = unreachable routes for things black listed (null route)
bogons = unreachable routes for bogons
spamhaus* / dshield = prohibit routes for black lists
default = default gateway of last resort

This allows me to leverage iproute2's ability to cascade through multiple routing tables to find a matching route. I can easily have a route to 10.10.10.0/24 in my main routing table and use it to communicate with 10.10.10.10 despite the unreachable route to 10.0.0.0/8 in my bogon routing table.
Similarly, 8.8.8.8 will not match anything in the first seven routing tables and finally match the default gateway of last resort in the default routing table.
I can also leverage reverse path filtering using this data. }:-)

--
Grant. . . .
unix || die
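An added illustration of the cascade Grant describes (not part of his post or config): each table is searched with longest-prefix match in rule-priority order, and the first table that holds any matching route, whether a next hop or an unreachable/prohibit entry, ends the lookup. Prefixes, next hops and the blacklisted nets are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed tables in the order of the ip rules (priority ascending).
# Actions mirror iproute2 route types: "via ...", "dev ...", "unreachable", "prohibit".
TABLES = [
    ("local",         [("127.0.0.0/8", "local")]),
    ("main",          [("192.168.1.0/24", "dev eth0"),
                       ("10.10.10.0/24", "via 192.168.1.254")]),
    ("reject",        [("192.0.2.0/24", "unreachable")]),       # placeholder blacklist
    ("bogons",        [("10.0.0.0/8", "unreachable"),
                       ("0.0.0.0/8", "unreachable")]),
    ("spamhaus-drop", [("203.0.113.0/24", "prohibit")]),        # placeholder DROP entry
    ("default",       [("0.0.0.0/0", "via 198.51.100.1")]),
]

def lookup_table(routes, dst):
    """Longest-prefix match inside one table; None when the table has no route."""
    best = None
    for prefix, action in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return best

def route(dst_str):
    """Walk the tables in rule order; the first table with a matching route decides.

    Returns (table, matched prefix, action). A hit of type unreachable/prohibit
    terminates the walk just like a next hop would: later tables are never consulted.
    """
    dst = ip_address(dst_str)
    for name, routes in TABLES:
        hit = lookup_table(routes, dst)
        if hit is not None:
            return name, str(hit[0]), hit[1]
    return None

if __name__ == "__main__":
    for d in ("10.10.10.10", "10.0.0.1", "8.8.8.8", "203.0.113.5"):
        print(d, "->", route(d))
```

The 10.10.10.10 / 10.0.0.1 pair shows why the blacklist tables sit after main: the LAN /24 wins in main before the /8 bogon entry is ever seen, while an address in the rest of 10.0.0.0/8 falls through to the unreachable route.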