How can I use BGP to block abusive IPs using a homemade blocklist?
I would like to know how to use a custom blacklist on a server to block abusive traffic on my border router. I was told that this can be done using iBGP and the community attribute, but I was wondering specifically how this can be done. I assume the server with the blacklist of IPs to block will need to be configured with iBGP and my border router will need to see the server as a BGP neighbor, but what else is necessary?
If you want to feed your own list of prefixes (your blacklist) into your network via BGP, you can use any number of open-source products (OpenBGPd, XORP, Quagga, Bird, &c) on a Unix or Linux machine to do so. Essentially, you set up your route server, import your blacklist and then have your network peer with it via BGP. Your router can either send those prefixes to your route server to be dropped or you can null-route them locally. The actual implementation is going to vary greatly depending on which BGP platform you select.
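The "import your blacklist" step from the answer above, sketched as an added example (not code from the original thread or from any of the projects it names): it validates a blocklist before anything is announced and renders the survivors as BIRD static-protocol `route ... blackhole;` lines. The protected prefix, the minimum prefix lengths and the sample entries are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample blocklist (documentation address ranges only).
SAMPLE_BLOCKLIST = """\
192.0.2.10
192.0.2.10          # duplicate
198.51.100.0/24
198.51.100.77       # already covered by the /24 above
203.0.113.5/24      # host bits set; normalised to 203.0.113.0/24
2001:db8:bad::1
0.0.0.0/0           # too broad, must be rejected
10.1.2.3            # inside our own space, must be rejected
not-an-ip
"""

# Assumptions: prefixes we must never blackhole, and the broadest mask accepted.
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]
MIN_PREFIXLEN = {4: 24, 6: 48}

def parse_blocklist(text, protected=PROTECTED, min_len=MIN_PREFIXLEN):
    """Return (accepted networks, rejected (entry, reason) pairs)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.prefixlen < min_len[net.version]:
            rejected.append((entry, "too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((entry, "overlaps protected prefix"))
        else:
            accepted.append(net)
    # collapse_addresses removes duplicates and covered prefixes, one family per call
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in accepted if n.version == version)
    return merged, rejected

def bird_static_routes(networks, version):
    """Render one address family as BIRD static-protocol blackhole routes."""
    return "\n".join(f"route {n} blackhole;" for n in networks if n.version == version)

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    print(bird_static_routes(nets, 4), bird_static_routes(nets, 6), bad, sep="\n")
```

The rendered lines belong inside a `protocol static { ... }` block on the route server, one block per address family; the rejected list is worth logging so a bad feed entry is noticed before it is ever announced.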