Community discussions

MikroTik App
 
dakobg
Member Candidate
Member Candidate
Topic Author
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

routing filters default to reject ?

Wed Nov 17, 2021 9:09 am

Hi,

I update hap ac2 from v6.49 to v7.1rc6 before couple of days.
Since I have OSPFv2 I notice something strange with routing filters.

Look like ospf work ok (LSA show all routs) however all 110 routes was added as disabled/filtered in routing table
The solution was just to add routing filters like
[admin@wgw01.sli.dachev.lan] > /routing/filter/export 
# nov/17/2021 08:55:08 by RouterOS 7.1rc6
# software id = VAR9-HQDV
#
# model = RBD52G-5HacD2HnD
# serial number = *********
/routing filter rule
add chain=ospf-out disabled=no rule="if (dst in 0.0.0.0/0) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 0.0.0.0/0) {accept}"
My question is, is this a normal behavior ? I don't remember to have a such issue with ros 6.
Since this is my home network (multiple home's :) ) I use routing filters for OSPF only to filter ISP network (ipsec site to site).
There reason is because I'm lazy and I redistribute connected routes

Also if I disable filters from ospf instance the result was same.

I believe the problem is related to DEFAULT to REJECT in routing filters, if this is the case and is normal behavior please add predefined rules !


note: After upgrade I notice additional routing table without name ! so "no name" and main
I remove "no name" table .. no issues, I guess something in upgrade process ...
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: routing filters default to reject ?  [SOLVED]

Wed Nov 17, 2021 10:55 am

The default action in the filter chain is to reject.

As for added tables after upgrade with an empty name, it will be fixed in the next version.
 
dakobg
Member Candidate
Member Candidate
Topic Author
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: routing filters default to reject ?

Wed Nov 17, 2021 11:09 am

The default action in the filter chain is to reject.

As for added tables after upgrade with an empty name, it will be fixed in the next version.
Thanks!

I don't have a lot of experience with routing filters but: Is this something new for ros7 (default to reject) ? Sorry for the question
Can you please ask someone to update help/wiki with this replay
The default action in the filter chain is to reject.
in some visible way .. I was not to able to find it :|

Regards,
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: routing filters default to reject ?

Wed Nov 17, 2021 11:45 am

I have added the note about default action here:
https://help.mikrotik.com/docs/pages/vi ... d=74678285
 
dakobg
Member Candidate
Member Candidate
Topic Author
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: routing filters default to reject ?

Wed Nov 17, 2021 12:42 pm

Thanks again !
 
pe1chl
Forum Guru
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: routing filters default to reject ?

Wed May 04, 2022 11:39 am

I have added the note about default action here:
https://help.mikrotik.com/docs/pages/vi ... d=74678285
If you want v6->v7 migration to be transparent w.r.t. this, the crossfig program should add a plain "accept" at the end of each routing filter chain.
The user can then consider to remove that or not.
As it is now, conversion results in a different behaviour... see e.g. viewtopic.php?t=185664

Who is online

Users browsing this forum: mkx, wawananakkaili and 22 guests