I don't understand, what would I match in the rule? Should I put packet marks on OSPF traffic?
I thought the routing filters could tell which chain to use based on which instance the route advertisements were received or sent on. What is the point in setting an "in filter" or "out filter" on an OSPF instance if you have to mark the packets to be filtered anyway?
thanks,
Philip
I believe you mis-understood the reply.
So, let me try to explain....
Using Filters for filtering routes in & routers out when configuring OSPF is optional.
If you are going to use Filters, you need to define the 'content / rule' of the filter.
What you originally posted is a partial statement about an ospf-out chain with no rule to match anything, thus it is acting as if you did not have a filter defined, i.e. allow everything..
------------ Your Configuration Statement...
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=no set-bgp-prepend-path=""
-------------
A proper filter statement would be something like this...
-----------------------
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=no prefix=.0.0.0.0/0 prefix-length=0 set-bgp-prepend-path=""
------------------------
Essentially the above statement is saying discard all prefixes that match 0.0.0.0/0 prefix-length=0 i.e. drop everything, do not send anything.
Hope this offers a better explanation.