Hi Since ros v7.1, I have a problem with a bgp filter concerning the bogon list that I receive from team cymru. My filter looks like this: 1 chain=cymru-in rule="if ( bgp-communities includes 65332:888 ) { set blackhole yes; accept;} else { reject;}" but the routes are not blackholed, for ...
Are you sure you applied the chain to the input.filter on the connection to the peer? I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work. It's only the "bgp-communities includes 65332:888" part that does not work. ...
Hi pe1chl, There's definitely something weird. I added a rule in the first place that adds the same community: 0 chain=cymru-in rule="if (gw == a.b.c.d ) { append bgp-communities 65332:888 }" and now the other rule works for this peer, but not the other one: In that case the 65332:888 com...
Hi pe1chl, There's definitely something weird. I added a rule in the first place that adds the same community: 0 chain=cymru-in rule="if (gw == a.b.c.d ) { append bgp-communities 65332:888 }" and now the other rule works for this peer, but not the other one: Ab B afi=ip4 contribution=activ...
I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work. It's only the "bgp-communities includes 65332:888" part that does not work. If I change that for "gw == a.b.c.d", then the rule works. Mathieu this simpl...
this simple routing rule still does not work: 0 chain=cymru-in rule="if ( bgp-communities includes 65332:888 ) { accept } else { reject }" all routes are rejected although they contain the right community: Fb afi=ip4 contribution=filtered dst-address=23.151.160.0/24 routing-table=main gate...
I found something weird on my RB750Gr3 running v7.1.1: when this rule is enabled: 0 ;;; defconf: masquerade chain=srcnat action=masquerade out-interface-list=internet ipsec-policy=out,none my pppoe client are stable. as soon as I disable this rule, that I don't need, my ppp clients are disconnected ...
is there a way to see what announces are received ? i'd like to check if it detects the right communities, but I can find it anywhere Thanks, Mathieu routing route print detail Will show all BGP attributes after input filters. ok, so the community is correct: Fb afi=ip4 contribution=filtered dst-ad...
That kind of condition "if (bgp-communities includes 11111:111 )" works for me. Or do you mean the action "set blackhole yes" does not work? (I did not test that) actually, I have two rules, like this: 0 chain=filter-in rule="if (bgp-communities includes 11111:111 ) { set b...
hi are route filters by bgp-communities supposed to work in this release ? I had a filter that used to work in v6, that has been converted like this: rule="if (bgp-communities includes 11111:111 ) { set blackhole yes; accept; }" but it does not work. I tried with a different condition and ...
I'm trying to secure an ipip tunnel beetween my mikrotik and a linux server by using an ipsec secret. On the mikrotik I juste have to add the "ipsec secret", but I can't find the correct setup for the linux host. Has anyone already done that and has a sample config ?
Hi, I'm trying to setup a basic ipsec responder with my mikrotik, running on v6.45.3. The mikrotik router is the responder, and the initiators will be linux PCs with strongswan. The have to get a dynamic address from the responder. First, I set up an ip pool: /ip pool add name=23-2 ranges=172.23.2.1...