iptables is the Linux firewall utility that Arista EOS uses to filter control-plane protocol packets arriving at the switch. For example:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
-S : list the rules
-A : append a rule to a chain
-p : protocol
-j : jump to a target (the action, e.g. ACCEPT or DROP, or another chain such as BGP)
[admin@ck478 ~]$ sudo iptables -S
.....
-A INPUT -p tcp -m tcp --dport 4432 -m ttl --ttl-eq 255 -j SERVICE <<< MLAG control pkt
-A INPUT -p udp -m udp --dport 4432 -m ttl --ttl-eq 255 -j SERVICE
! add a bgp neighbor 1.1.1.1
ck478.17:51:26(config)#router bgp 65500
ck478.17:51:43(config-router-bgp)#nei 1.1.1.1 remote 65001
[admin@ck478 ~]$ sudo iptables -S | grep -i BGP | grep 1.1.1.1
-A BGP -s 1.1.1.1/32 -j ACCEPT <<< a new rule added for bgp nei 1.1.1.1
! configure bgp ttl security rule
ck478.17:51:51(config-router-bgp)#nei 1.1.1.1 ttl maximum-hops 2
[admin@ck478 ~]$ sudo iptables -S | grep -i BGP | grep 1.1.1.1
-A BGP -s 1.1.1.1/32 -m ttl --ttl-lt 253 -j DROP <<< all bgp pkts w/ ttl <253 dropped!
-A BGP -s 1.1.1.1/32 -j ACCEPT
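To make the chain logic concrete, here is an added Python example (not code from this post or from EOS) that parses `iptables -S` lines in the format shown above and evaluates packets against them first-match, the way netfilter walks a chain. The 255 - N threshold in `ttl_security_rule` is an assumption generalising the page's N=2 case (GTSM), and the packet dicts are constructed inputs.

```python
import ipaddress
import shlex

# The two BGP-chain lines shown above for neighbor 1.1.1.1 after
# "nei 1.1.1.1 ttl maximum-hops 2" (copied from the iptables -S output).
RULES_BGP = [
    "-A BGP -s 1.1.1.1/32 -m ttl --ttl-lt 253 -j DROP",
    "-A BGP -s 1.1.1.1/32 -j ACCEPT",
]

def ttl_security_rule(neighbor, max_hops):
    """Build the DROP rule EOS installs for `nei X ttl maximum-hops N`.
    Assumes the threshold generalises to 255 - N (GTSM); the page only
    shows N=2 -> --ttl-lt 253."""
    return f"-A BGP -s {neighbor}/32 -m ttl --ttl-lt {255 - max_hops} -j DROP"

FLAGS = {"-s": ("src", ipaddress.ip_network), "-p": ("proto", str),
         "--dport": ("dport", int), "--ttl-eq": ("ttl_eq", int),
         "--ttl-lt": ("ttl_lt", int), "-j": ("target", str)}

def parse_rule(line):
    """Turn one `iptables -S` line (flag/value pairs) into match criteria.
    "-A <chain>" and "-m <module>" carry no packet criteria and are skipped."""
    tok = shlex.split(line)
    rule = {key: None for key, _ in FLAGS.values()}
    for flag, arg in zip(tok[::2], tok[1::2]):
        if flag in FLAGS:
            key, conv = FLAGS[flag]
            rule[key] = conv(arg)
    return rule

def matches(rule, pkt):
    """Unset criteria match anything; TTL tests mirror -m ttl semantics."""
    checks = [
        rule["src"] is None or ipaddress.ip_address(pkt["src"]) in rule["src"],
        rule["proto"] is None or pkt["proto"] == rule["proto"],
        rule["dport"] is None or pkt["dport"] == rule["dport"],
        rule["ttl_eq"] is None or pkt["ttl"] == rule["ttl_eq"],
        rule["ttl_lt"] is None or pkt["ttl"] < rule["ttl_lt"],
    ]
    return all(checks)

def verdict(rules, pkt, policy="RETURN"):
    """First matching rule wins, as in a netfilter chain; no match -> policy."""
    for rule in map(parse_rule, rules):
        if matches(rule, pkt):
            return rule["target"]
    return policy
```

With maximum-hops 2 a packet from 1.1.1.1 is accepted at TTL 253 or above and dropped below that, while packets from any other source fall through the chain untouched.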