Route filter processing

When looking at the Route Filter (used with BGP routing) I assumed that it would be processed in a similar fashion as the Firewall, i.e. top down processing of the entries until a match is found, which then either accepts or rejects the entry and ends the filter processing.
The presence of a “passthrough” action also pointed me to that, as that would apparently continue the processing even after a match.

However, it does not appear to work like that… I have the following input filter:

/routing filter
add action=accept chain=hamnet-in prefix=44.0.0.0/8 prefix-length=8-16
add action=accept chain=hamnet-in prefix=44.137.40.0/23 prefix-length=24-32
add action=accept chain=hamnet-in prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=hamnet-in prefix=0.0.0.0/0 prefix-length=0-128

The idea is to accept some prefixes in the 44 network and also the default route, but discard all other routes.
It does not work, the 0.0.0.0/0 default route is not accepted by this filter.
When I change the last entry to prefix-length=1-128 it accepts the default route.
Is there no way to tell the filter that after the match of the 3rd line it should not evaluate the 4th line anymore?

Hi,

you don’t have to mess with prefix-length if you are about to match a single prefix only.
just don’t use it, or if you did, unset it.

also, for the drop everything else rule you don’t need matchers, just an action.

i recommend to use prefix-length matchers with values that are specific for the address-family you use them with. e.g. for IPv4 the max length shall be 32. it should not be of any harm, but looks pretty weird. :)

i rewrote your filters according to these

/routing filter
remove [find chain=hamnet-in]
add action=accept chain=hamnet-in prefix=44.0.0.0/8 prefix-length=8-16
add action=accept chain=hamnet-in prefix=44.137.40.0/23 prefix-length=24-32
add action=accept chain=hamnet-in prefix=0.0.0.0/0
add action=discard chain=hamnet-in

and of course after changing the filter a route refresh comes in handy at the affected BGP peers.
cheers,

Ok that works fine!
Thank you for the hints!