OSPF Filtering Issues

maxrate · August 19, 2011, 12:58pm

Hi everyone,

I have a router receiving it’s routes via OSFP. On the router, I have set up a incoming filter to block 10.x.x.x addresses (not working)

In the routing table I see several 10.0.32.0/24, 10.0.46.0/24, 10.0.31.0/24, etc making it thru the incoming OSFP filter.

Here is the filter I am using:

chain=ospf-in prefix=10.0.0.0/8 invert-match=no action=discard

However, when I put a more specific route in for the filter prefix=10.0.32.0/24, it will indeed block that 10.0.32.0/24 block. This is good, as I know I’m not completely wrong in setting up an OSPF filter, but I have a large number of 10.x.x.x blocks that I would need to manually put filter rules in for, when ideally I would like to filter the entire 10.0.0.0/8 range. I’ve also tried 10.0.0.0/16, no luck.

I don’t understand what is happening.

Thanks for your help.

mrz · August 19, 2011, 1:10pm

If you specify 10.0.0.0/8 then it wil try to match that rotue only

to block whole range set also prefix-length=8-32

maxrate · August 19, 2011, 1:26pm

To be clear, what would I enter in the prefix field?

“10.0.0.0” or “10”
prefix-length=8

thanks for the information1

mrz · August 19, 2011, 1:30pm

prefix=10.0.0.0/8 prefix-length=8-32

btw manual explains these two parameters quite well.

maxrate · August 19, 2011, 1:50pm

Thanks - I looked thru the manaul - always do before posting, I guess I missed it.

thanks

maxrate · August 19, 2011, 1:53pm

Works! thank you