blob: a4d875276eeab179899312e6a59ce62a334d9873 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
create loop int
set int state loop0 up
set int ip addr loop0 10.10.10.10/24
packet-generator new {
name transit-deny
limit 1
node ip4-input
size 64-64
no-recycle
data {
UDP: 1.2.3.4 -> 2.2.2.2
UDP: 3000 -> 3001
length 128 checksum 0 incrementing 1
}
}
packet-generator new {
name transit-allow
limit 1
node ip4-input
size 64-64
no-recycle
data {
UDP: 1.1.1.1 -> 2.2.2.2
UDP: 3000 -> 3001
length 128 checksum 0 incrementing 1
}
}
packet-generator new {
name transit-allow-from-excemption
limit 1
node ip4-input
size 64-64
no-recycle
data {
UDP: 11.11.12.13 -> 2.2.2.2
UDP: 6000 -> 6001
length 128 checksum 0 incrementing 1
}
}
packet-generator new {
name for-us-allow-from-excemption
limit 1
node ip4-input
size 64-64
no-recycle
data {
UDP: 11.11.12.13 -> 10.10.10.10
UDP: 6000 -> 6001
length 128 checksum 0 incrementing 1
}
}
packet-generator new {
name for-us-allow
limit 1
node ip4-input
size 64-64
no-recycle
data {
UDP: 1.1.1.1 -> 10.10.10.10
UDP: 3000 -> 3001
length 128 checksum 0 incrementing 1
}
}
tr add pg-input 100
set int ip addr pg0 10.10.11.10/24
set interface ip source-check pg0 strict
ip route add 1.1.1.1/32 via 10.10.11.11 pg0
ip route add 2.2.2.2/32 via 10.10.10.11 loop0
ip urpf-accept 11.11.0.0/16
#set interface ip source-check pg0 strict del
#set interface ip source-check pg0 loose
#ip urpf-accept del 11.11.0.0/16
|
