markmcn
Frequent Visitor
Topic Author
Posts: 78
Joined: Wed Mar 03, 2010 2:15 am

Filter Matching For RFC1918

Sun Dec 16, 2012 2:52 am

Hi All
I'm trying to write a filter chain which will act as an inbound policy for BGP peers to only accept routes in RFC 1918 space.
I tried the following:
/routing filter
add action=accept chain=RFC1918 comment="10.0.0.0 - 10.255.255.255" disabled=no invert-match=no prefix=\
10.0.0.0/8 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="172.16.0.0 - 172.31.255.255 " disabled=no invert-match=no prefix=\
172.16.0.0 prefix-length=12 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="192.168.0.0 - 192.168.255.255" disabled=no invert-match=no prefix=\
192.168.0.0/16 set-bgp-prepend-path=""
add action=discard chain=RFC1918 comment="Discard All Routes Not In RFC1918" disabled=no invert-match=no \
set-bgp-prepend-path=""

and advertised 192.168.1.0/24, thinking it would be accepted by the rule matching 192.168.0.0/16; however, the /24 route was never installed in the main routing table.
Can anyone please advise what I'm doing wrong, or if I'm going about this all wrong?
I've tested this with RouterOS 5.22 running on I386 hardware.
Thank you for your help and for taking the time to read this post.
 
markmcn
Frequent Visitor
Topic Author
Posts: 78
Joined: Wed Mar 03, 2010 2:15 am

Re: Filter Matching For RFC1918

Sun Dec 16, 2012 3:08 am

Never mind, asked and answered.
Sorry, I finally found this reading the request for BGP features.
Here is the complete chain to only accept RFC1918 addresses; hope this helps someone else.
/routing filter
add action=discard chain=RFC1918 comment="Discard Any Default Route" disabled=no invert-match=no prefix=\
0.0.0.0/0 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="10.0.0.0 - 10.255.255.255" disabled=no invert-match=no prefix=\
10.0.0.0/8 prefix-length=8-32 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="172.16.0.0 - 172.31.255.255 " disabled=no invert-match=no prefix=\
172.16.0.0/12 prefix-length=12-32 set-bgp-prepend-path=""
add action=accept chain=RFC1918 comment="192.168.0.0 - 192.168.255.255" disabled=no invert-match=no prefix=\
192.168.0.0/16 prefix-length=16-32 set-bgp-prepend-path=""
add action=discard chain=RFC1918 comment="Discard All Routes Not In RFC1918" disabled=no invert-match=no \
set-bgp-prepend-path=""

Sorry, I had left out the CIDR in the prefix condition; corrected it.
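
An added example, not part of the original posts and not MikroTik code: a small Python model of the two chains above, showing why 192.168.1.0/24 fell through to the final discard in the first attempt and is accepted once prefix-length=16-32 is set. The names evaluate, FIRST_ATTEMPT and FIXED_CHAIN are hypothetical, and the model assumes (consistent with the behaviour reported in the thread) that a rule with no prefix-length matches only the mask length written in prefix.

```python
import ipaddress

# Each rule: (action, prefix, (min_len, max_len) or None).
# ASSUMPTION: None models a rule without prefix-length, taken here to match
# only routes whose mask length equals the one written in the prefix.
FIRST_ATTEMPT = [  # 10/8 and 192.168/16 rules from the first post
    ("accept", "10.0.0.0/8", None),
    ("accept", "192.168.0.0/16", None),
]
FIXED_CHAIN = [  # chain from the second post
    ("discard", "0.0.0.0/0", None),
    ("accept", "10.0.0.0/8", (8, 32)),
    ("accept", "172.16.0.0/12", (12, 32)),
    ("accept", "192.168.0.0/16", (16, 32)),
]


def evaluate(chain, route, default="discard"):
    """Return the action of the first matching rule.

    default stands in for the final catch-all discard rule of both chains.
    """
    net = ipaddress.ip_network(route, strict=True)
    for action, prefix, length_range in chain:
        rule_net = ipaddress.ip_network(prefix)
        lo, hi = length_range or (rule_net.prefixlen, rule_net.prefixlen)
        # The route must sit inside the rule's address range AND have a
        # mask length inside the allowed window.
        if net.subnet_of(rule_net) and lo <= net.prefixlen <= hi:
            return action
    return default


def compare(routes):
    """Map each route to (first-attempt verdict, fixed-chain verdict)."""
    return {r: (evaluate(FIRST_ATTEMPT, r), evaluate(FIXED_CHAIN, r)) for r in routes}


if __name__ == "__main__":
    # Constructed sample advertisements, not taken from a real peer.
    samples = ["192.168.1.0/24", "192.168.0.0/16", "172.20.0.0/16",
               "172.32.0.0/16", "0.0.0.0/0", "8.8.8.0/24"]
    for route, verdicts in compare(samples).items():
        print(f"{route:18} first={verdicts[0]:8} fixed={verdicts[1]}")
```
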
