Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 69915cba2d6e169343c03c8eef48e6b2d2296e3a / . / src / scripts / vnet / urpf
blob: a4d875276eeab179899312e6a59ce62a334d9873 [file] [log] [blame]
Neale Ranns3ee44042016-10-03 13:05:48 +0100[diff] [blame]1
2create loop int
3
4set int state loop0 up
5set int ip addr loop0 10.10.10.10/24
6
7packet-generator new {
8 name transit-deny
9 limit 1
10 node ip4-input
11 size 64-64
12 no-recycle
13 data {
14 UDP: 1.2.3.4 -> 2.2.2.2
15 UDP: 3000 -> 3001
16 length 128 checksum 0 incrementing 1
17 }
18}
19
20packet-generator new {
21 name transit-allow
22 limit 1
23 node ip4-input
24 size 64-64
25 no-recycle
26 data {
27 UDP: 1.1.1.1 -> 2.2.2.2
28 UDP: 3000 -> 3001
29 length 128 checksum 0 incrementing 1
30 }
31}
32
33packet-generator new {
34 name transit-allow-from-excemption
35 limit 1
36 node ip4-input
37 size 64-64
38 no-recycle
39 data {
40 UDP: 11.11.12.13 -> 2.2.2.2
41 UDP: 6000 -> 6001
42 length 128 checksum 0 incrementing 1
43 }
44}
45
46packet-generator new {
47 name for-us-allow-from-excemption
48 limit 1
49 node ip4-input
50 size 64-64
51 no-recycle
52 data {
53 UDP: 11.11.12.13 -> 10.10.10.10
54 UDP: 6000 -> 6001
55 length 128 checksum 0 incrementing 1
56 }
57}
58
59packet-generator new {
60 name for-us-allow
61 limit 1
62 node ip4-input
63 size 64-64
64 no-recycle
65 data {
66 UDP: 1.1.1.1 -> 10.10.10.10
67 UDP: 3000 -> 3001
68 length 128 checksum 0 incrementing 1
69 }
70}
71
72tr add pg-input 100
73
74set int ip addr pg0 10.10.11.10/24
75
76set interface ip source-check pg0 strict
77
78ip route add 1.1.1.1/32 via 10.10.11.11 pg0
79ip route add 2.2.2.2/32 via 10.10.10.11 loop0
80
81ip urpf-accept 11.11.0.0/16
82
83#set interface ip source-check pg0 strict del
84#set interface ip source-check pg0 loose
85
86#ip urpf-accept del 11.11.0.0/16