Community discussions

MikroTik App
 
User avatar
savagedavid
Trainer
Trainer
Topic Author
Posts: 320
Joined: Thu Aug 25, 2005 12:58 pm
Location: Cape Town, South Africa
Contact:

Firewall Address List in Route Filters [solved]

Mon Mar 14, 2022 8:07 pm

I'm not sure if this is a bug or a feature request! With v7 BGP you need to advertise networks by using a firewall address list. I have a script that automatically sets up all the filters for me, previously populating BGP Networks and using the same info to update scripts was quite easy.

With the new filter format I have a rule to reject your own range being advertised back to you. Usually It would take the following format.
if (dst in 100.0.0.0/22 && dst-len <= 32) { reject; }
However I was hoping to be able to do all ranges at once from the firewall address list e.g.
if (dst in bgp-networks && dst-len <= 32) { reject; }

The filter rule accepts the code above with no errors, but it does not work. So the question is, can you use firewall address lists in route filters? And if not, this seems like a really nice feature to include.
 
User avatar
savagedavid
Trainer
Trainer
Topic Author
Posts: 320
Joined: Thu Aug 25, 2005 12:58 pm
Location: Cape Town, South Africa
Contact:

Re: Firewall Address List in Route Filters [solved]

Thu Mar 17, 2022 3:29 pm

I received a response from support. Seems like firewall address list can only match an exact prefix and not a range. It might be added in a future release.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Firewall Address List in Route Filters [solved]

Thu Mar 17, 2022 3:35 pm

With the new filter format I have a rule to reject your own range being advertised back to you.
Why do you need to filter that? When you have a locally connected route and get the same route via BGP, the locally connected route will have a lower distance and takes precedence.

Who is online

Users browsing this forum: No registered users and 16 guests