Hello - I know this has been asked, I've searched, experimented, but I'm struggling.
In Ros v7, I'd like to create an OSPF-OUT filter that does the following:
- DENIES: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 from leaving the router.
- ALLOWS: everything else on the router, and passes thru anything 'learnt' from adjacent routers onward.
Basically, I'm trying to achieve what I could easily do on v6. I've read the docs, looked thru the forums, but struggling with this a lot.
In a way, I see the default rule of 'denying/dropping' as almost 'breaking' OSPF. I'm not sure I am grasping the concept here.
Thank you!
Re: OSPF 'accept all' filter
I believe this has been resolved. The following (below) seems to work. Originally, I had the 'accept' rule at the top of the filter set, not the bottom. Placing it at the bottom seemed to resolve the trouble I experienced. I've placed this code into it's own 'routing filter rule', and attached it to the chain OSPF-OUT.
Code: Select all
if ( dst in 192.168.0.0/16 && dst-len>16 ) { reject }
if ( dst in 10.0.0.0/8 && dst-len>8 ) { reject }
if ( dst in 172.16.0.0/12 && dst-len>12 ) { reject }
if ( dst-len > 0 ) { accept}
Who is online
Users browsing this forum: No registered users and 8 guests