Hosting is generously provided by Sonic.net

 

Route Server


Here we describe an example configuration for the Route Server. It blocks all unnecessary connections while allowing normal connections to the system.

The following pf.conf file is a sanitized version of the production configuration used by the reference server. IP addresses and some limits are anonymized, but the rest is accurate.

/etc/pf.conf
spamd_sources="198.51.100.198 198.18.0.191"

set skip on lo
set skip on enc0

set block-policy return

block           # block stateless traffic

pass out proto { udp tcp } to port 53
pass out proto udp to port ntp

pass proto icmp
pass proto udp to port 33434:33534      # traceroute
pass proto tcp to port { smtp, ssh, http }


# Always allow connections to our peers
pass quick proto tcp from { $spamd_sources } to any port bgp
pass quick proto tcp from any to { $spamd_sources } port bgp

# Limit connections to one connection per client
pass in proto tcp to any port bgp \
        keep state (source-track rule, max-src-states 1, tcp.finwait 5)
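
The rule order above matters: pf applies the last matching rule unless a rule is marked quick, so the peers in $spamd_sources are accepted by the quick rules and never reach the max-src-states limit that applies to every other BGP client. The Python model below is an added illustration, not part of the original configuration. It simplifies pf to new inbound TCP connections addressed to the server, and the 203.0.113.x client addresses are constructed.

```python
# Simplified model of pf rule evaluation for inbound TCP, applied to the
# ruleset above. Only the rules relevant to inbound TCP are modelled.
from collections import Counter

SPAMD_SOURCES = {"198.51.100.198", "198.18.0.191"}  # from the page's macro
BGP = 179

# (label, action, quick, allowed sources or None for any, dest ports or None,
#  max-src-states or None)
RULES = [
    ("block", "block", False, None, None, None),
    ("pass smtp/ssh/http", "pass", False, None, {25, 22, 80}, None),
    ("pass quick peers->bgp", "pass", True, SPAMD_SOURCES, {BGP}, None),
    ("pass in bgp limited", "pass", False, None, {BGP}, 1),
]

def match(src, dport):
    """Return the deciding rule: last match wins, but a 'quick' match stops evaluation."""
    decided = None
    for rule in RULES:
        _, _, quick, sources, ports, _ = rule
        if sources is not None and src not in sources:
            continue
        if ports is not None and dport not in ports:
            continue
        decided = rule
        if quick:
            break
    return decided  # never None: the bare 'block' rule matches everything

class Firewall:
    def __init__(self):
        self.states = Counter()  # (rule label, source address) -> open states

    def connect(self, src, dport):
        """Evaluate a new inbound TCP connection; return (verdict, deciding rule)."""
        label, action, _, _, _, limit = match(src, dport)
        if action == "block":
            return ("block", label)
        # source-track rule: the limit is counted per source, per rule
        if limit is not None and self.states[(label, src)] >= limit:
            return ("block", label + " (max-src-states)")
        self.states[(label, src)] += 1
        return ("pass", label)

    def close(self, src, label):
        """Remove one state, as happens when a connection ends and its state expires."""
        self.states[(label, src)] -= 1
```
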

© 2013-2017 Peter Hessler