Why does this not work?
/routing filter add action=accept chain=ospf-in comment=“Allow specific routes” prefix=10.240.254.0/24 prefix-length=24-32 protocol=bgp
/routing filter add action=discard chain=ospf-in comment=“Drop all other BGP redistributed routes” protocol=bgp
Yet as soon as I enable redistribution on the OSPF instance, ALL bgp routes are injected into OSPF. What gives? I figured the ‘protocol=bgp’ field would match any routes redistributed in, since they originate from BGP
Ah figured it out straight after posting this. I figured that the best place to do this is on the ‘in’ filter since in my head BGP routes are going ‘in’ to the OSPF instance and I don’t even want them in the internal OSPF route database in the first place, but I guess thats not how it works? It seems to bypass that chain and go directly into the OSPF instance anyway. Hence I need to filter it on the ‘out’ chain
Simply changing ospf-in to ospf-out works
OSPF-in chain is used only when routes are received from other OSPF neighbors.
To control what external routes will be sent to other OSPF neighbors you need to use OSPF out.