Hi All
I'm trying to write a filter chain while will act as an inbound policy for BGP peers to only accept routes in RFC 1918 space.
I tried the following
/routing filter
add action=accept chain=RFC1918 comment="10.0.0.0 - 10.255.255.255" disabled=no invert-match=no prefix=\
10.0.0.0/8 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="172.16.0.0 - 172.31.255.255 " disabled=no invert-match=no prefix=\
172.16.0.0 prefix-length=12 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="192.168.0.0 - 192.168.255.255" disabled=no invert-match=no prefix=\
192.168.0.0/16 set-bgp-prepend-path=""
add action=discard chain=RFC1918 comment="Discard All Routes Not In RFC1918" disabled=no invert-match=no \
set-bgp-prepend-path=""
and advertised 192.168.1.0/24 thinking it would be accepted by the rule matching 192.168.0.0/16 however the /24 route was never installed in the main routing table.
Can anyone please advise what I'm doing wrong or if I'm going about this all wrong?
I've tested this with RouterOS 5.22 running on I386 hardware
Thanks you for your help and taking the time to read this post
Re: Filter Matching For RFC1918
Never mind asked and answered
Sorry I finally found this reading the request for BGP features
Here is the complete chin to only accept RF1918 addresses hope this helps someone else
/routing filter
add action=discard chain=RFC1918 comment="Discard Any Default Route" disabled=no invert-match=no prefix=\
0.0.0.0/0 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="10.0.0.0 - 10.255.255.255" disabled=no invert-match=no prefix=\
10.0.0.0/8 prefix-length=8-32 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="172.16.0.0 - 172.31.255.255 " disabled=no invert-match=no prefix=\
172.16.0.0/12 prefix-length=12-32 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="192.168.0.0 - 192.168.255.255" disabled=no invert-match=no prefix=\
192.168.0.0/16 prefix-length=16-32 set-bgp-prepend-path=""
add action=discard chain=RFC1918 comment="Discard All Routes Not In RFC1918" disabled=no invert-match=no \
set-bgp-prepend-path=""
Sorry I had left out the CIDR in the prefix condition corrected it
Sorry I finally found this reading the request for BGP features
Here is the complete chin to only accept RF1918 addresses hope this helps someone else
/routing filter
add action=discard chain=RFC1918 comment="Discard Any Default Route" disabled=no invert-match=no prefix=\
0.0.0.0/0 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="10.0.0.0 - 10.255.255.255" disabled=no invert-match=no prefix=\
10.0.0.0/8 prefix-length=8-32 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="172.16.0.0 - 172.31.255.255 " disabled=no invert-match=no prefix=\
172.16.0.0/12 prefix-length=12-32 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="192.168.0.0 - 192.168.255.255" disabled=no invert-match=no prefix=\
192.168.0.0/16 prefix-length=16-32 set-bgp-prepend-path=""
add action=discard chain=RFC1918 comment="Discard All Routes Not In RFC1918" disabled=no invert-match=no \
set-bgp-prepend-path=""
Sorry I had left out the CIDR in the prefix condition corrected it
Who is online
Users browsing this forum: No registered users and 13 guests