From 4e778eeef6233b369c17c05588a39b113d3cd7c6 Mon Sep 17 00:00:00 2001 From: adminer Date: Sat, 11 Apr 2026 23:24:25 +0300 Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20bkp=5Fpruj.sh?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bkp_pruj.sh | 677 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 677 insertions(+) create mode 100644 bkp_pruj.sh diff --git a/bkp_pruj.sh b/bkp_pruj.sh new file mode 100644 index 0000000..d7b1f5b --- /dev/null +++ b/bkp_pruj.sh @@ -0,0 +1,677 @@ +#!/bin/sh +#Xiaomi Mi Router 3G custom default settings +uci -q batch << EOI +set 3ginfo.@3ginfo[0]=3ginfo +set 3ginfo.@3ginfo[0].http_port='81' +set 3ginfo.@3ginfo[0].network='wan' +set 3ginfo.@3ginfo[0].device='/dev/ttyUSB1' +set 3ginfo.@3ginfo[0].language='en' +commit 3ginfo +set dhcp.@dnsmasq[0]=dnsmasq +set dhcp.@dnsmasq[0].domainneeded='1' +set dhcp.@dnsmasq[0].localise_queries='1' +set dhcp.@dnsmasq[0].rebind_protection='1' +set dhcp.@dnsmasq[0].rebind_localhost='1' +set dhcp.@dnsmasq[0].expandhosts='1' +set dhcp.@dnsmasq[0].authoritative='1' +set dhcp.@dnsmasq[0].readethers='1' +set dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases' +set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto' +set dhcp.@dnsmasq[0].localservice='1' +set dhcp.@dnsmasq[0].ednspacket_max='1232' +set dhcp.@dnsmasq[0].local='/pruj.loc/' +set dhcp.@dnsmasq[0].domain='pruj.loc' +set dhcp.@dnsmasq[0].server='/lan/10.0.254.1' +set dhcp.lan=dhcp +set dhcp.lan.interface='lan' +set dhcp.lan.start='100' +set dhcp.lan.limit='150' +set dhcp.lan.leasetime='12h' +set dhcp.lan.dhcpv4='server' +set dhcp.lan.dhcpv6='server' +set dhcp.lan.ra='server' +set dhcp.lan.ra_flags='managed-config' 'other-config' +set dhcp.wan=dhcp +set dhcp.wan.interface='wan' +set dhcp.wan.ignore='1' +set dhcp.wan.start='100' +set dhcp.wan.limit='150' +set dhcp.wan.leasetime='12h' +set dhcp.odhcpd=odhcpd +set dhcp.odhcpd.maindhcp='0' +set dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd' +set dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update' +set dhcp.odhcpd.loglevel='4' +commit dhcp +set dropbear.@dropbear[0]=dropbear +set dropbear.@dropbear[0].PasswordAuth='on' +set dropbear.@dropbear[0].RootPasswordAuth='on' +set dropbear.@dropbear[0].Port='22' +commit dropbear +set firewall.@defaults[0]=defaults +set firewall.@defaults[0].output='ACCEPT' +set firewall.@defaults[0].forward='REJECT' +set firewall.@defaults[0].synflood_protect='1' +set firewall.@defaults[0].input='REJECT' +set firewall.@zone[0]=zone +set firewall.@zone[0].name='lan' +set firewall.@zone[0].input='ACCEPT' +set firewall.@zone[0].output='ACCEPT' +set firewall.@zone[0].forward='ACCEPT' +set firewall.@zone[0].network='lan' +set firewall.@zone[1]=zone +set firewall.@zone[1].name='wan' +set firewall.@zone[1].input='REJECT' +set firewall.@zone[1].output='ACCEPT' +set firewall.@zone[1].forward='REJECT' +set firewall.@zone[1].masq='1' +set firewall.@zone[1].mtu_fix='1' +set firewall.@zone[1].network='wan' 'wan6' '3g' +set firewall.@rule[0]=rule +set firewall.@rule[0].name='Allow-DHCP-Renew' +set firewall.@rule[0].src='wan' +set firewall.@rule[0].proto='udp' +set firewall.@rule[0].dest_port='68' +set firewall.@rule[0].target='ACCEPT' +set firewall.@rule[0].family='ipv4' +set firewall.@rule[1]=rule +set firewall.@rule[1].name='Allow-Ping' +set firewall.@rule[1].src='wan' +set firewall.@rule[1].proto='icmp' +set firewall.@rule[1].icmp_type='echo-request' +set firewall.@rule[1].family='ipv4' +set firewall.@rule[1].target='ACCEPT' +set firewall.@rule[2]=rule +set firewall.@rule[2].name='Allow-IGMP' +set firewall.@rule[2].src='wan' +set firewall.@rule[2].proto='igmp' +set firewall.@rule[2].family='ipv4' +set firewall.@rule[2].target='ACCEPT' +set firewall.@rule[3]=rule +set firewall.@rule[3].name='Allow-DHCPv6' +set firewall.@rule[3].src='wan' +set firewall.@rule[3].proto='udp' +set firewall.@rule[3].dest_port='546' +set firewall.@rule[3].family='ipv6' +set firewall.@rule[3].target='ACCEPT' +set firewall.@rule[4]=rule +set firewall.@rule[4].name='Allow-MLD' +set firewall.@rule[4].src='wan' +set firewall.@rule[4].proto='icmp' +set firewall.@rule[4].src_ip='fe80::/10' +set firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0' +set firewall.@rule[4].family='ipv6' +set firewall.@rule[4].target='ACCEPT' +set firewall.@rule[5]=rule +set firewall.@rule[5].name='Allow-ICMPv6-Input' +set firewall.@rule[5].src='wan' +set firewall.@rule[5].proto='icmp' +set firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement' +set firewall.@rule[5].limit='1000/sec' +set firewall.@rule[5].family='ipv6' +set firewall.@rule[5].target='ACCEPT' +set firewall.@rule[6]=rule +set firewall.@rule[6].name='Allow-ICMPv6-Forward' +set firewall.@rule[6].src='wan' +set firewall.@rule[6].dest='*' +set firewall.@rule[6].proto='icmp' +set firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' +set firewall.@rule[6].limit='1000/sec' +set firewall.@rule[6].family='ipv6' +set firewall.@rule[6].target='ACCEPT' +set firewall.@rule[7]=rule +set firewall.@rule[7].name='Allow-IPSec-ESP' +set firewall.@rule[7].src='wan' +set firewall.@rule[7].dest='lan' +set firewall.@rule[7].proto='esp' +set firewall.@rule[7].target='ACCEPT' +set firewall.@rule[8]=rule +set firewall.@rule[8].name='Allow-ISAKMP' +set firewall.@rule[8].src='wan' +set firewall.@rule[8].dest='lan' +set firewall.@rule[8].dest_port='500' +set firewall.@rule[8].proto='udp' +set firewall.@rule[8].target='ACCEPT' +set firewall.@zone[2]=zone +set firewall.@zone[2].name='wg' +set firewall.@zone[2].input='ACCEPT' +set firewall.@zone[2].output='ACCEPT' +set firewall.@zone[2].network='wg25' 'wg30' +set firewall.@zone[2].forward='ACCEPT' +set firewall.@forwarding[0]=forwarding +set firewall.@forwarding[0].src='wg' +set firewall.@forwarding[0].dest='lan' +set firewall.@forwarding[1]=forwarding +set firewall.@forwarding[1].src='wg' +set firewall.@forwarding[1].dest='wan' +set firewall.@forwarding[2]=forwarding +set firewall.@forwarding[2].src='lan' +set firewall.@forwarding[2].dest='wg' +set firewall.@forwarding[3]=forwarding +set firewall.@forwarding[3].src='lan' +set firewall.@forwarding[3].dest='wan' +commit firewall +set luci.main=core +set luci.main.lang='auto' +set luci.main.mediaurlbase='/luci-static/bootstrap' +set luci.main.resourcebase='/luci-static/resources' +set luci.main.ubuspath='/ubus/' +set luci.flash_keep=extern +set luci.flash_keep.uci='/etc/config/' +set luci.flash_keep.dropbear='/etc/dropbear/' +set luci.flash_keep.openvpn='/etc/openvpn/' +set luci.flash_keep.passwd='/etc/passwd' +set luci.flash_keep.opkg='/etc/opkg.conf' +set luci.flash_keep.firewall='/etc/firewall.user' +set luci.flash_keep.uploads='/lib/uci/upload/' +set luci.languages=internal +set luci.sauth=internal +set luci.sauth.sessionpath='/tmp/luci-sessions' +set luci.sauth.sessiontime='3600' +set luci.ccache=internal +set luci.ccache.enable='1' +set luci.themes=internal +set luci.themes.Bootstrap='/luci-static/bootstrap' +set luci.themes.BootstrapDark='/luci-static/bootstrap-dark' +set luci.themes.BootstrapLight='/luci-static/bootstrap-light' +set luci.apply=internal +set luci.apply.rollback='90' +set luci.apply.holdoff='4' +set luci.apply.timeout='5' +set luci.apply.display='1.5' +set luci.diag=internal +set luci.diag.dns='openwrt.org' +set luci.diag.ping='openwrt.org' +set luci.diag.route='openwrt.org' +set luci.@command[0]=command +set luci.@command[0].name='signal' +set luci.@command[0].command='echo AT+CSQ | socat - /dev/ttyUSB1,crnl | grep ^+CSQ | cut -f2 -d'\'' '\''' +set luci.@command[1]=command +set luci.@command[1].name='тип подключения' +set luci.@command[1].command='echo AT^SYSINFOEX | socat - /dev/ttyUSB1,crnl ' +set luci.@command[2]=command +set luci.@command[2].name='4G > 3G' +set luci.@command[2].command='echo '\''AT^SYSCFGEX="0302",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl' +set luci.@command[3]=command +set luci.@command[3].name='4G > 3G > 2G' +set luci.@command[3].command='echo '\''AT^SYSCFGEX="030201",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl' +set luci.@command[4]=command +set luci.@command[4].name='3G > 2G' +set luci.@command[4].command='echo '\''AT^SYSCFGEX="0201",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl' +set luci.@command[5]=command +set luci.@command[5].name='Auto' +set luci.@command[5].command='echo '\''AT^SYSCFGEX="00",3fffffff,2,4,7fffffffffffffff,,'\'' | socat - /dev/ttyUSB1,crnl' +set luci.@command[6]=command +set luci.@command[6].name='Route add' +set luci.@command[6].command='route add -net 172.16.11.0/24 gw 10.0.1.26 metric 1000' +commit luci +set mosquitto.owrt=owrt +set mosquitto.owrt.use_uci='0' +set mosquitto.mosquitto=mosquitto +set mosquitto.persistence=persistence +commit mosquitto +set network.loopback=interface +set network.loopback.device='lo' +set network.loopback.proto='static' +set network.loopback.ipaddr='127.0.0.1' +set network.loopback.netmask='255.0.0.0' +set network.globals=globals +set network.globals.packet_steering='1' +set network.globals.ula_prefix='fdd0:523b:82cd::/48' +set network.@device[0]=device +set network.@device[0].name='br-lan' +set network.@device[0].type='bridge' +set network.@device[0].ports='lan1' 'lan2' +set network.lan=interface +set network.lan.device='br-lan' +set network.lan.proto='static' +set network.lan.netmask='255.255.255.0' +set network.lan.ip6assign='60' +set network.lan.ipaddr='172.16.30.1' +set network.wan=interface +set network.wan.device='wan' +set network.wan.proto='static' +set network.wan.ipaddr='172.16.104.211' +set network.wan.netmask='255.255.255.192' +set network.wan.gateway='172.16.104.193' +set network.wan.dns='10.0.254.1' '188.128.84.20' '95.167.167.95' '9.9.9.9' +set network.wan6=interface +set network.wan6.device='wan' +set network.wan6.proto='dhcpv6' +set network.3g=interface +set network.3g.proto='3g' +set network.3g.ipv6='auto' +set network.3g.username='gdata' +set network.3g.password='gdata' +set network.3g.service='umts' +set network.3g.device='/dev/ttyUSB0' +set network.3g.delegate='0' +set network.3g.apn='internet' +set network.wg30=interface +set network.wg30.proto='wireguard' +set network.wg30.delegate='0' +set network.wg30.mtu='1420' +set network.wg30.private_key='EJmoZBKfkcO80Hve5C+cuCyGZ4mnA/9qVSSeWZ1GwW0=' +set network.wg30.addresses='10.0.2.30/30' +set network.@wireguard_wg30[0]=wireguard_wg30 +set network.@wireguard_wg30[0].description='muromec' +set network.@wireguard_wg30[0].endpoint_host='muromec.kapka.ru' +set network.@wireguard_wg30[0].persistent_keepalive='60' +set network.@wireguard_wg30[0].endpoint_port='12029' +set network.@wireguard_wg30[0].public_key='DPs/wFbmVzx1c0emUunwXs5oVlAA9TMOQHLjM1VlABg=' +set network.@wireguard_wg30[0].allowed_ips='0.0.0.0/0' +set network.wg25=interface +set network.wg25.proto='wireguard' +set network.wg25.mtu='1420' +set network.wg25.private_key='wGveq/NTjQqYyA5ovz+uIWfeX/8PLLEOjxtXDt7fBm8=' +set network.wg25.addresses='10.0.1.26/30' +set network.@wireguard_wg25[0]=wireguard_wg25 +set network.@wireguard_wg25[0].description='turbo.kapka.ru' +set network.@wireguard_wg25[0].endpoint_host='turbo.kapka.ru' +set network.@wireguard_wg25[0].endpoint_port='12125' +set network.@wireguard_wg25[0].public_key='VDfyo+MoeratWuQAzjljHyuD76ldn6YMG+1D0bs/cWc=' +set network.@wireguard_wg25[0].private_key='OBWaGPKSlRw2rilY1zY8KFkwmLlenR7WhgRE/UBSRXg=' +set network.@wireguard_wg25[0].allowed_ips='0.0.0.0/0' +commit network +set rpcd.@rpcd[0]=rpcd +set rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock' +set rpcd.@rpcd[0].timeout='30' +set rpcd.@login[0]=login +set rpcd.@login[0].username='root' +set rpcd.@login[0].read='*' +set rpcd.@login[0].write='*' +commit rpcd +set socat.http=socat +set socat.http.enable='0' +set socat.http.SocatOptions='-d -d TCP6-LISTEN:8000,fork TCP4:192.168.1.20:80' +set socat.http.user='nobody' +commit socat +set system.@system[0]=system +set system.@system[0].ttylogin='0' +set system.@system[0].log_size='64' +set system.@system[0].urandom_seed='0' +set system.@system[0].compat_version='1.1' +set system.@system[0].zonename='Europe/Moscow' +set system.@system[0].timezone='MSK-3' +set system.@system[0].log_proto='udp' +set system.@system[0].conloglevel='8' +set system.@system[0].cronloglevel='5' +set system.@system[0].hostname='Buran-pruj' +set system.ntp=timeserver +set system.ntp.enable_server='1' +set system.ntp.interface='lan' +set system.ntp.server='ntp.ix.ru' 'ntp0.nl.net' +commit system +set ubootenv.@ubootenv[0]=ubootenv +set ubootenv.@ubootenv[0].dev='/dev/mtd1' +set ubootenv.@ubootenv[0].offset='0x0' +set ubootenv.@ubootenv[0].envsize='0x1000' +set ubootenv.@ubootenv[0].secsize='0x20000' +set ubootenv.@ubootsys[0]=ubootsys +set ubootenv.@ubootsys[0].dev='/dev/mtd2' +set ubootenv.@ubootsys[0].offset='0x0' +set ubootenv.@ubootsys[0].envsize='0x4000' +set ubootenv.@ubootsys[0].secsize='0x20000' +commit ubootenv +set ucitrack.@network[0]=network +set ucitrack.@network[0].init='network' +set ucitrack.@network[0].affects='dhcp' +set ucitrack.@wireless[0]=wireless +set ucitrack.@wireless[0].affects='network' +set ucitrack.@firewall[0]=firewall +set ucitrack.@firewall[0].init='firewall' +set ucitrack.@firewall[0].affects='luci-splash' 'qos' 'miniupnpd' +set ucitrack.@olsr[0]=olsr +set ucitrack.@olsr[0].init='olsrd' +set ucitrack.@dhcp[0]=dhcp +set ucitrack.@dhcp[0].init='dnsmasq' +set ucitrack.@dhcp[0].affects='odhcpd' +set ucitrack.@odhcpd[0]=odhcpd +set ucitrack.@odhcpd[0].init='odhcpd' +set ucitrack.@dropbear[0]=dropbear +set ucitrack.@dropbear[0].init='dropbear' +set ucitrack.@httpd[0]=httpd +set ucitrack.@httpd[0].init='httpd' +set ucitrack.@fstab[0]=fstab +set ucitrack.@fstab[0].exec='/sbin/block mount' +set ucitrack.@qos[0]=qos +set ucitrack.@qos[0].init='qos' +set ucitrack.@system[0]=system +set ucitrack.@system[0].init='led' +set ucitrack.@system[0].exec='/etc/init.d/log reload' +set ucitrack.@system[0].affects='luci_statistics' 'dhcp' +set ucitrack.@luci_splash[0]=luci_splash +set ucitrack.@luci_splash[0].init='luci_splash' +set ucitrack.@upnpd[0]=upnpd +set ucitrack.@upnpd[0].init='miniupnpd' +set ucitrack.@ntpclient[0]=ntpclient +set ucitrack.@ntpclient[0].init='ntpclient' +set ucitrack.@samba[0]=samba +set ucitrack.@samba[0].init='samba' +set ucitrack.@tinyproxy[0]=tinyproxy +set ucitrack.@tinyproxy[0].init='tinyproxy' +commit ucitrack +set uhttpd.main=uhttpd +set uhttpd.main.listen_http='0.0.0.0:80' '[::]:80' +set uhttpd.main.listen_https='0.0.0.0:443' '[::]:443' +set uhttpd.main.redirect_https='0' +set uhttpd.main.home='/www' +set uhttpd.main.rfc1918_filter='1' +set uhttpd.main.max_requests='3' +set uhttpd.main.max_connections='100' +set uhttpd.main.cert='/etc/uhttpd.crt' +set uhttpd.main.key='/etc/uhttpd.key' +set uhttpd.main.cgi_prefix='/cgi-bin' +set uhttpd.main.script_timeout='60' +set uhttpd.main.network_timeout='30' +set uhttpd.main.http_keepalive='20' +set uhttpd.main.tcp_keepalive='1' +set uhttpd.main.ubus_prefix='/ubus' +set uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua' +set uhttpd.defaults=cert +set uhttpd.defaults.days='730' +set uhttpd.defaults.key_type='ec' +set uhttpd.defaults.bits='2048' +set uhttpd.defaults.ec_curve='P-256' +set uhttpd.defaults.country='ZZ' +set uhttpd.defaults.state='Somewhere' +set uhttpd.defaults.location='Unknown' +set uhttpd.defaults.commonname='OpenWrt' +commit uhttpd +set wireless.radio0=wifi-device +set wireless.radio0.type='mac80211' +set wireless.radio0.path='1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' +set wireless.radio0.band='2g' +set wireless.radio0.channel='auto' +set wireless.radio0.cell_density='0' +set wireless.radio0.htmode='HT40' +set wireless.default_radio0=wifi-iface +set wireless.default_radio0.device='radio0' +set wireless.default_radio0.network='lan' +set wireless.default_radio0.mode='ap' +set wireless.default_radio0.encryption='sae-mixed' +set wireless.default_radio0.key='23637387581' +set wireless.default_radio0.ssid='Buran' +set wireless.default_radio0.short_preamble='0' +set wireless.radio1=wifi-device +set wireless.radio1.type='mac80211' +set wireless.radio1.path='1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0' +set wireless.radio1.channel='36' +set wireless.radio1.band='5g' +set wireless.radio1.cell_density='0' +set wireless.radio1.htmode='VHT80' +set wireless.default_radio1=wifi-iface +set wireless.default_radio1.device='radio1' +set wireless.default_radio1.network='lan' +set wireless.default_radio1.mode='ap' +set wireless.default_radio1.encryption='sae-mixed' +set wireless.default_radio1.key='23637387581' +set wireless.default_radio1.ssid='Buran-5G' +set wireless.default_radio1.short_preamble='0' +commit wireless +EOI +root@Buran-pruj:~# + + + + +cat /etc/bird.conf + +# THIS CONFIG FILE IS NOT A COMPLETE DOCUMENTATION +# PLEASE LOOK IN THE BIRD DOCUMENTATION FOR MORE INFO + +# However, most of options used here are just for example +# and will be removed in real-life configs. + +log syslog all; + +# Override router ID +router id 172.16.30.1; + +# Turn on global debugging of all protocols +#debug protocols all; + + + + +ipv4 table bgpban; +ipv4 table ospfmy; +#ipv4 table master; + + +# Define a route filter... +# filter test_filter { +# if net ~ 10.0.0.0/16 then accept; +# else reject; +# } +filter fltOSPF { + if net = 192.168.0.0/16 then reject; + if net = 172.16.0.0/12 then reject; + else accept; +} + + +# The direct protocol automatically generates device routes to all network +# interfaces. Can exist in as many instances as you wish if you want to +# populate multiple routing tables with device routes. Because device routes +# are handled by Linux kernel, this protocol is usually not needed. +protocol direct { + interface "-wan0", "-wan1", "-3g-3g", "*"; # Restrict network interfaces it works with + ipv4;# { +# table ospfmy; +# table bgpban; +#import where net !=0.0.0.0/0; +#export where net !=0.0.0.0/0; +# }; +#debug all; +} + +# This pseudo-protocol watches all interface up/down events. +protocol device { + scan time 10; # Scan interfaces every 10 seconds +} + +# Static routes (again, there can be multiple instances, so that you +# can disable/enable various groups of static routes on the fly). +#protocol static { +# export all; # Default is export none +# route 0.0.0.0/0 via 62.168.0.13; +# route 10.0.0.0/8 reject; +# route 192.168.0.0/16 reject; +#} + + +#protocol rip { +# disabled; +# import all; +# export all; +# export filter test_filter; + +# port 1520; +# period 7; +# infinity 16; +# garbage time 60; +# interface "*" { mode broadcast; }; +# honor neighbor; +# honor always; +# honor never; +# authentication none; +#} + + + + +######################### OSPF + +# This pseudo-protocol performs synchronization between BIRD's routing +# tables and the kernel. You can run multiple instances of the kernel +# protocol and synchronize different kernel tables with different BIRD tables. + +protocol kernel ospfMyKern { + ipv4 { + table ospfmy; +# table bgpban; +# import filter fltOSPF; +# import all; +# import where source != RTS_DEVICE; +# export where source != RTS_DEVICE && net !=0.0.0.0/0; + export all; + }; + learn; # Learn all alien routes from the kernel +# persist; # Don't remove routes on bird shutdown + scan time 60; # Scan kernel routing table every 20 seconds +# import none; # Default is import all +# import all; +# export all; # Default is export none +# device routes yes; + kernel table 10; +# merge paths switch 16; + metric 10; +#debug all; +} + + +protocol kernel bgpbanKern { + ipv4 { + table bgpban; +# import all; + export all; + }; + learn; # Learn all alien routes from the kernel +# persist; # Don't remove routes on bird shutdown + scan time 60; # Scan kernel routing table every 20 seconds +# import none; # Default is import all +# import all; +# export all; # Default is export none +# device routes yes; + kernel table 11; +# merge paths switch 16; + metric 10; +} + +#protocol kernel { +# ipv4 { +# table master4; +## export all; +#import all; +# }; +# persist; +# learn; +# scan time 60; +# kernel table 254; +#} + +protocol pipe { + table ospfmy; + peer table master4; +# peer table bgpban; + import where net !=0.0.0.0/0; + +export where net !=0.0.0.0/0; + +#export all; +#export where source != RTS_DEVICE; +#debug all; +} + + +protocol ospf ASWG { +# disabled; + ipv4 { + table ospfmy; +# import filter fltOSPF; + import all; + export all; + }; +# import all; +# export all; +# import filter { print ">>>>>>imp net accepted:", net; accept; }; +# export filter { print ">>>>>>exp net accepted:", net; accept; }; + +# export where source = RTS_STATIC; + + area 0 { +# networks { +# 10.0.1.0/24; +# 10.0.2.0/24; +# }; + + interface "wg30" { #9 + cost 60; + hello 10; + retransmit 5; + wait 30; + dead 40; + type pointopoint; + priority 30; +# authentication simple; +# password "pass"; + }; + + interface "wg25" { + cost 5; + hello 10; + retransmit 5; + wait 30; + dead 40; + type pointopoint; + priority 5; +# authentication simple; +# password "pass"; + }; + + + }; +} + + + + +#########################BGP +# This pseudo-protocol performs synchronization between BIRD's routing +# tables and the kernel. You can run multiple instances of the kernel +# protocol and synchronize different kernel tables with different BIRD tables. +#protocol kernel { +# table bgpban; +# learn; # Learn all alien routes from the kernel +# persist; # Don't remove routes on bird shutdown +# scan time 60; # Scan kernel routing table every 20 seconds +# import none; # Default is import all +# import all; +# export all; # Default is export none +#} + + + +protocol bgp { +# disabled; + ipv4 { + table bgpban; + import all; + export all; + }; +# import all; +# export all; +# export where source = RTS_STATIC; + + local as 65030; + neighbor 10.0.2.29 as 65029; +# multihop 20 via 10.0.2.9; +# multihop; + +# hold time 240; +# startup hold time 240; +# connect retry time 120; +# keepalive time 80; # defaults to hold time / 3 +# start delay time 5; # How long do we wait before initial connect +# error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive +# # errors occur, we increase the delay exponentially ... +# error forget time 300; # ... until this timeout expires) +# disable after error; # Disable the protocol automatically when an error occurs +# next hop self; # Disable next hop processing and always advertise our local address as nexthop +# source address 62.168.0.14; # What local address we use for the TCP connection +# password "secret" # Password used for MD5 authentication +# rr client; # I am a route reflector and the neighor is my client +# rr cluster id 1.0.0.1 # Use this value for cluster id instead of my router id +# }; +}