[tech] WAIX and Internet2 access working

David Luyer david at luyer.net
Wed Apr 6 10:21:15 WST 2005


> There is a large iptables chain FREENETS on madako. This allows networks
> to be matched based on whether they are reached via Grangenet or the
> various non-byte charged bits of AARNET. I've set things up so that at
> boot time, hosts that are limited to FREENETS have:
>   access to all of FREENETS (-A FORWARD -d 130.95.13.18 -j FREENETS)
>   no access to anything else (-A FORWARD -d 130.95.13.18 -j DROP)

Does your code cover the case where a more-specific is charged (in
the global BGP tables) but the less-specific is seen in the WAIX
table?

You need an explicit 'DROP' for such prefixes.

(very annoying prefixes for all kinds of reasons)

David.
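The case raised above, as an added example that is not part of the original post or the madako configuration: iptables takes the first matching rule rather than the longest prefix, so a charged more-specific inside a free less-specific needs its own DROP placed ahead of the covering rule. The prefixes are constructed documentation ranges, and the function name, the ACCEPT target inside FREENETS and the "a prefix in both tables is free" choice are assumptions.

```python
import ipaddress

# Constructed sample tables (documentation prefixes, not real WAIX/BGP data).
FREE = ["192.0.2.0/24", "198.51.100.0/24", "198.51.100.192/26"]
CHARGED = ["198.51.100.128/25", "203.0.113.0/24"]


def freenets_rules(free, charged, chain="FREENETS"):
    """Build rules for `chain` that emulate longest-prefix match.

    free    -- prefixes seen in the non-charged table
    charged -- prefixes seen only via the charged (global) table
    Assumption: a prefix present in both tables is treated as free.
    """
    free_nets = {ipaddress.IPv4Network(p) for p in free}
    charged_nets = {ipaddress.IPv4Network(p) for p in charged} - free_nets

    # A charged prefix only needs an explicit DROP when a shorter free
    # prefix covers it; otherwise it never matches the chain at all and
    # falls through to the caller's own DROP.
    holes = {c for c in charged_nets
             if any(c.subnet_of(f) for f in free_nets)}

    entries = [(n, "ACCEPT") for n in free_nets]
    entries += [(n, "DROP") for n in holes]

    # Longest prefix first, so first-match evaluation reaches the
    # more-specific decision before the less-specific one. This also
    # handles a free prefix nested inside a charged one.
    entries.sort(key=lambda e: (-e[0].prefixlen, int(e[0].network_address)))
    return [f"-A {chain} -d {net} -j {target}" for net, target in entries]


if __name__ == "__main__":
    for rule in freenets_rules(FREE, CHARGED):
        print(rule)
```
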



