From 6a8671fa3e669e0534f9062deb2ff14719ac0a8b Mon Sep 17 00:00:00 2001
From: Patrik Lundin <patlu@sunet.se>
Date: Mon, 28 Oct 2024 13:26:13 +0100
Subject: [PATCH] Add import filters for bgp

---
 .../modules/cdn/templates/l4lb/bird.conf.erb  | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb b/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb
index 9e5ccfc..f23b0a6 100644
--- a/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/l4lb/bird.conf.erb
@@ -48,7 +48,10 @@ protocol bgp tug_r11_v4 {
   hold time 90;
 
   ipv4 {
-    import all;
+    import filter {
+      if net ~ [ 0.0.0.0/0 ] then
+        accept; else reject;
+    };
     export filter {
       if net ~ [ 188.240.152.0/24{32,32} ] then
         accept; else reject;
@@ -63,7 +66,10 @@ protocol bgp tug_r11_v6 {
   hold time 90;
 
   ipv6 {
-    import all;
+    import filter {
+      if net ~ [ ::/0 ] then
+        accept; else reject;
+    };
     export filter {
       if net ~ [ 2001:6b0:2100::/48{128,128} ] then
         accept; else reject;
@@ -79,7 +85,10 @@ protocol bgp tug_r12_v4 {
   hold time 90;
 
   ipv4 {
-    import all;
+    import filter {
+      if net ~ [ 0.0.0.0/0 ] then
+        accept; else reject;
+    };
     export filter {
       if net ~ [ 188.240.152.0/24{32,32} ] then
         accept; else reject;
@@ -94,10 +103,13 @@ protocol bgp tug_r12_v6 {
   hold time 90;
 
   ipv6 {
-  import all;
-  export filter {
-    if net ~ [ 2001:6b0:2100::/48{128,128} ] then
-      accept; else reject;
+    import filter {
+      if net ~ [ ::/0 ] then
+        accept; else reject;
+    };
+    export filter {
+      if net ~ [ 2001:6b0:2100::/48{128,128} ] then
+        accept; else reject;
     };
   };
 }