Merge pull request #80 from jof/vyos-no-ixp-leak

No IXP Leaks: Add a VyOS example
NLNOG · Nov 1, 2024 · f1f57f9 · f1f57f9
2 parents 9fc436d + c7f755b
commit f1f57f9
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/guides/no_ixp_leaks.md b/guides/no_ixp_leaks.md
@@ -111,6 +111,23 @@ route-map BGP_FILTER_IN deny 22
 !
 ```
 
+## VyOS
+```
+set policy prefix-list IXP-LANS-V4 rule 10 action 'permit'
+set policy prefix-list IXP-LANS-V4 rule 10 ge '24'
+set policy prefix-list IXP-LANS-V4 rule 10 le '32'
+set policy prefix-list IXP-LANS-V4 rule 10 prefix '192.33.255.0/24'
+set policy prefix-list6 IXP-LANS-V6 rule 10 action 'permit'
+set policy prefix-list6 IXP-LANS-V6 rule 10 ge '48'
+set policy prefix-list6 IXP-LANS-V6 rule 10 le '128'
+set policy prefix-list6 IXP-LANS-V6 rule 10 prefix '2001:504:30::/48'
+
+set policy route-map INTERNET-IN rule 10 action 'deny'
+set policy route-map INTERNET-IN rule 10 match ip address prefix-list 'IXP-LANS-V4'
+set policy route-map INTERNET-IN rule 20 action 'deny'
+set policy route-map INTERNET-IN rule 20 match ipv6 address prefix-list 'IXP-LANS-V6'
+```
+
 ## Arista
 
 ```