
Routing filters problem

Posted: Tue Dec 17, 2013 11:14 pm
by pkelly1603
I am trying to filter on the OSPF-out chain but it does not work the way I expected.

I have 2 routers, "Router 1" and "Router 2". Router 1 has only one rule on the OSPF-out chain (discard all). Here is the router 1 configuration:
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=\
    no set-bgp-prepend-path=""

/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto \
    metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=x.x.x.x

Router 2 is receiving routes from Router 1 though and I can't understand why. Shouldn't a discard rule prevent a router from sending its routes to any other routers?

thanks,
Philip

Re: Routing filters problem

Posted: Wed Dec 18, 2013 2:45 am
by samsung172
You need to match something in the rule. Usually a firewall routing mark. Chain ospf-in is just the name, not matching "all ospf in traffic".

Re: Routing filters problem

Posted: Wed Dec 18, 2013 4:35 pm
by pkelly1603
I don't understand, what would I match in the rule? Should I put packet marks on OSPF traffic?

I thought the routing filters could tell which chain to use based on which instance the route advertisements were received or sent on. What is the point in setting an "in filter" or "out filter" on an OSPF instance if you have to mark the packets to be filtered anyway?

thanks,
Philip

Re: Routing filters problem

Posted: Fri Jan 24, 2014 5:34 am
by faisali
I believe you misunderstood the reply.

So, let me try to explain....
Using Filters for filtering routes in & routes out when configuring OSPF is optional.

If you are going to use Filters, you need to define the 'content / rule' of the filter.
What you originally posted is a partial statement about an ospf-out chain with no rule to match anything, thus it is acting as if you did not have a filter defined, i.e. allow everything.

------------ Your Configuration Statement...
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=no set-bgp-prepend-path=""
-------------

A proper filter statement would be something like this...

-----------------------
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=no prefix=0.0.0.0/0 prefix-length=0 set-bgp-prepend-path=""
------------------------
Essentially the above statement is saying discard all prefixes that match 0.0.0.0/0 prefix-length=0 i.e. drop everything, do not send anything.

Hope this offers a better explanation.