ospf filter public nets

Hi,
We use OSPF to distribute connected and static routes, which works pretty well. All networks vary between /22 and /27 and are both public and private nets.
It's nice to distribute connected nets, because it greatly cuts down maintenance. The thing is … we don't want the public nets to be distributed.

I made the following filter

/routing filter add action=accept chain=ospf-out prefix=10.0.0.0/8 protocol=ospf
/routing filter add action=accept chain=ospf-out prefix=192.168.0.0/16 protocol=ospf
/routing filter add action=accept chain=ospf-out prefix=172.16.0.0/12 protocol=ospf
/routing filter add action=discard chain=ospf-out protocol=ospf
/routing filter add action=accept chain=ospf-in prefix=10.0.0.0/8 protocol=ospf
/routing filter add action=accept chain=ospf-in prefix=192.168.0.0/16 protocol=ospf
/routing filter add action=discard chain=ospf-in protocol=ospf

thinking it would accept anything in private nets and drop the rest. But it does not work that way. RouterOS looks at the net plus its mask.
Is there a way to exclude public networks from ospf redistribution without having to specify all the nets?

ps:
small cut out of the routes

 1 ADC  10.171.13.0/23                     ether8-mgmt               0
 2 ADo  10.27.130.0/23                     10.216.220.254          110
 3 ADo  10.177.10.0/27                     10.216.218.2            110
 4 ADo  10.71.162.0/23                     10.216.220.254          110
 5 ADo  10.116.227.0/24                    10.216.220.254          110
 6 ADC  10.115.108.0/24                     vlan218-bonding...        0
 7 ADo  191.12.129.0/30                    10.216.218.2            110
 8 ADo  85.108.116.0/27                    10.216.218.11           110
 9 ADo  21.174.91.0/25                     10.216.218.2            110
10 ADo  114.71.93.192/27                   10.216.218.2            110

and this is what I want to be seen by others

 1 ADC  10.171.13.0/23                     ether8-mgmt               0
 2 ADo  10.27.130.0/23                     10.216.220.254          110
 3 ADo  10.177.10.0/27                     10.216.218.2            110
 4 ADo  10.71.162.0/23                     10.216.220.254          110
 5 ADo  10.116.227.0/24                    10.216.220.254          110
 6 ADC  10.115.108.0/24                     vlan218-bonding...        0

You can tweak the filter you made a little and get it to work:

/routing filter add action=accept chain=ospf-out prefix=10.0.0.0/8  protocol=ospf prefix-length=8-32
/routing filter add action=accept chain=ospf-out prefix=192.168.0.0/16 protocol=ospf prefix-length=16-32
/routing filter add action=accept chain=ospf-out prefix=172.16.0.0/12 protocol=ospf prefix-length=12-32
/routing filter add action=discard chain=ospf-out protocol=ospf
/routing filter add action=accept chain=ospf-in prefix=10.0.0.0/8 protocol=ospf prefix-length=8-32
/routing filter add action=accept chain=ospf-in prefix=192.168.0.0/16 protocol=ospf prefix-length=16-32
/routing filter add action=discard chain=ospf-in protocol=ospf

By adding the prefix-length specification, you can tell OSPF that the rule applies to any subnet under the specified subnet with a “length” in the range you specify. My changes allow for any subnet down to a single IP, but you could change it to 25-27 to only advertise /25s, /26s, and /27s; or just 27 to only advertise /27s in those ranges. Side note: if you want to filter the default route you need to set prefix=0.0.0.0/0 prefix-length=0
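An added example, not part of the original posts: a small Python model of the matching behaviour described in this thread, run against the routes listed in the question, to check offline which routes each version of the ospf-out chain would advertise and whether any public prefix gets through. The matching rules and the default action are assumptions taken from the thread's description, not RouterOS source, and the helper names are hypothetical.

```python
import ipaddress

# Matching model taken from this thread (an assumption, not RouterOS source):
# prefix= alone matches only that exact network and mask; with
# prefix-length=lo-hi it matches any route inside prefix whose mask is in range.
def rule(action, prefix=None, length=None):
    return (action, ipaddress.ip_network(prefix) if prefix else None, length)

def matches(route, net, length):
    if net is None:
        return True                      # no prefix given: rule matches every route
    if length is None:
        return route == net              # exact network + mask only
    lo, hi = length
    return lo <= route.prefixlen <= hi and route.subnet_of(net)

def evaluate(chain, route):
    # strict=False: one route in the posted listing has host bits set
    route = ipaddress.ip_network(route, strict=False)
    for action, net, length in chain:
        if matches(route, net, length):
            return action                # first matching rule decides
    return "accept"                      # assumed default when nothing matches

RFC1918 = [("10.0.0.0/8", 8), ("192.168.0.0/16", 16), ("172.16.0.0/12", 12)]
# ospf-out chain as first posted, and as corrected with prefix-length ranges
ORIGINAL_OUT = [rule("accept", p) for p, _ in RFC1918] + [rule("discard")]
FIXED_OUT = [rule("accept", p, (n, 32)) for p, n in RFC1918] + [rule("discard")]

# Routes copied from the listing in the question
ROUTES = ["10.171.13.0/23", "10.27.130.0/23", "10.177.10.0/27",
          "10.71.162.0/23", "10.116.227.0/24", "10.115.108.0/24",
          "191.12.129.0/30", "85.108.116.0/27", "21.174.91.0/25",
          "114.71.93.192/27"]

def advertised(chain, routes=ROUTES):
    return [r for r in routes if evaluate(chain, r) == "accept"]

def leaked_public(chain, routes=ROUTES):
    # Advertised routes that fall outside every RFC 1918 block
    private = [ipaddress.ip_network(p) for p, _ in RFC1918]
    return [r for r in advertised(chain, routes)
            if not any(ipaddress.ip_network(r, strict=False).subnet_of(n)
                       for n in private)]

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL_OUT), ("fixed", FIXED_OUT)):
        print(name, "advertises:", advertised(chain))
        print(name, "public leaked:", leaked_public(chain))
```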

Thanks, I think I missed prefix-length as a range

will be testing tomorrow :wink:

Update: now I know I missed specifying the prefix as a range. Works perfectly now.