Filter prefixes with different prefix lengths in an ACL, with all their subnets.

Subj.
Is it possible, or do I have to create an ACL for each prefix length and a dedicated filter rule for each one, like:

/ip/firewall/address-list/add address=x.x.x.x/16 list=ALC_lng_16
/ip/firewall/address-list/add address=y.y.y.y/16 list=ALC_lng_16
/routing/filter/rule/set chain=neighbor1 rule=if (dst in ALC_lng_16 && dst-len>=16) …

And so on for /17, /18…

Have you tried that? What are the results? You have almost 99% of the job done.

I know it works. But I don’t like the overweighted configs😅. So I’d want to implement the filter like this:

/ip/firewall/address-list/add address=x.x.x.x/16 list=any_pref_len
/ip/firewall/address-list/add address=y.y.y.y/17 list=any_pref_len
/ip/firewall/address-list/add address=z.z.z.z/18 list=any_pref_len

/routing/filter/rule/set chain=neighbor1 rule=if (dst in any_pref_len && dst-len>=16) …

Instead of 9 different filters for each prefix length between /16 and /24. Will it work? Would it not be a conflict if the prefix /16 in “dst_len” is shorter than the real prefix in the ACL (/17, /18, …)?

Emmm... Is it relevant information?

"In"
Return true if the prefix is the subnet of the provided network. If an operator is used to match prefixes from the address list (e.g "dst in list_name"), then it will match only the exact prefix.

So, if I want to match the subnets, I have to create all the prefixes in the Routing/filters, and can't use ACLs?
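
Added example, not part of any post in this thread: a small Python model of the two matching behaviours quoted above ("dst in" a network matches subnets, "dst in list_name" matches only the exact prefix), showing which routes each style of rule would catch. The function names and the 10.x prefixes are constructed for illustration, and the model reflects only the quoted documentation text, not RouterOS code.

```python
import ipaddress


def in_network(dst, network):
    # "dst in <network>": true when dst is that network or one of its subnets.
    return dst.subnet_of(network)


def in_list(dst, address_list):
    # "dst in <list_name>": per the quoted documentation, exact prefix only.
    return dst in address_list


def evaluate(routes, prefixes, min_len=16):
    """Compare one list-based rule with one literal-network rule per prefix.

    Both variants also require dst-len >= min_len, as in the thread's rule.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    result = {}
    for route in routes:
        dst = ipaddress.ip_network(route)
        long_enough = dst.prefixlen >= min_len
        result[route] = {
            "list_rule": long_enough and in_list(dst, nets),
            "per_prefix_rules": long_enough
            and any(in_network(dst, n) for n in nets),
        }
    return result


# Constructed sample data standing in for x.x.x.x/16, y.y.y.y/17, z.z.z.z/18.
ANY_PREF_LEN = ["10.16.0.0/16", "10.32.0.0/17", "10.48.0.0/18"]
# Constructed routes as they might be received from neighbor1.
ROUTES = [
    "10.16.0.0/16",    # exact list entry
    "10.16.5.0/24",    # subnet of the /16 entry
    "10.32.64.0/18",   # subnet of the /17 entry
    "10.32.128.0/17",  # outside the /17 entry
    "10.48.0.0/18",    # exact list entry
    "10.64.0.0/16",    # unrelated prefix
]

if __name__ == "__main__":
    for route, verdict in evaluate(ROUTES, ANY_PREF_LEN).items():
        print(f"{route:16} list_rule={verdict['list_rule']!s:5} "
              f"per_prefix_rules={verdict['per_prefix_rules']}")
```

In this model the list-based rule catches only the routes that equal a list entry, while the more specific routes inside those entries are caught only by the per-prefix rules.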