I have this this filter in version 6 called “BGP-OUT” which basically only sends out only my IP block to all my BGP peers and works perfectly. The question is now how do we create the same filter in version 7 which is a bit confusion on how to write the syntax. Below is my current filter in version 6
add action=accept chain=bgp-out prefix=123.123.123.0/24 prefix-length=24-32
add action=discard chain=bgp-out prefix=!123.123.123.0/24
Probably something like this:
add chain=foo rule="if (dst in 123.123.123.0/24 && dst-len in 24-32) { accept }"
# or?
add chain=foo rule="if (dst in 123.123.123.0/24 && dst-len >= 24) { accept }"
# although that seems to be redundant, you could probably just do
add chain=foo rule="if (dst in 123.123.123.0/24) { accept }"
# or if you want only the /24 exactly
add chain=foo rule="if (dst == 123.123.123.0/24) { accept }"
# finally
add chain=foo rule="reject"