I'm encountering an issue with OSPF redistribution. I've configured an ospf-out ruleset to filter specific routes, but it seems that 10.242.99.X/32 routes are not being filtered.
Based on my understanding, this shouldn't happen, as there's a catch-all reject rule at the end and the given subnet and mask doesn't match any accept rules. The ruleset is enabled and selected as Out Filter in the instance configuration.
Could someone please shed light on why these 10.242.99.X/32 routes are escaping the filter?
Config is from a CCR2004 running 7.13rc2.
Code: Select all
/routing/filter/rule> pr where chain=ospf-out
Flags: X - disabled, I - inactive
0 chain=ospf-out rule="if (dst in 10.255.255.0/24 && dst-len == 32) { accept; }"
1 chain=ospf-out rule="if (dst in 10.13.37.0/24 && dst-len == 32) { accept; }"
2 chain=ospf-out rule="if (dst in 169.254.0.0/16 && dst-len == 24) { accept; }"
3 chain=ospf-out rule="reject;"