OSPF inbound filtering

General questions
1

Hi, can someone tell me how can i filter out some routes received via ospf?
I’d like to filter path to 0.0.0.0/0 that i’m recieving from another router.

2

Hello.
You need something like this:

set policy prefix-list deny-default rule 10 action 'permit'
set policy prefix-list deny-default rule 10 prefix '0.0.0.0/0'

set policy route-map OSPF-IN rule 10 action 'deny'
set policy route-map OSPF-IN rule 10 match ip address prefix-list 'deny-default'
set policy route-map OSPF-IN rule 20 action 'permit

set protocols ospf route-map 'OSPF-IN'

sever@second:~$ sh ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route

O 0.0.0.0/0 [110/10] via 192.192.192.1, eth2 inactive, 00:10:39

3

I had documented all this in the Wiki somewhere, but it may have got lost when everything was moved to readthedocs 8-\

4

Hi,

One more question. Can I distinguish between input and output filters in OSPF configuration?

5

For output filter you use redistribute option.
For input you can use example above.
As far as I know, In Frr/quagga/cisco/brocade… There are not options for the ospf to have import/export policy’s example how it implement in the bgp protocol.

6

Update 3 years later: The syntax has now changed, due to ⚓ T5150 Rework CLI definitions to apply route-maps between routing daemons and zebra/kernel

The syntax is now set system ip protocol ospf route-map ROUTE-MAP-NAME - for example:

set policy prefix-list default4 rule 10 action 'permit'
set policy prefix-list default4 rule 10 prefix '0.0.0.0/0'
set policy prefix-list6 default6 rule 10 action 'permit'
set policy prefix-list6 default6 rule 10 prefix '::/0'

set policy route-map no-default rule 10 action 'deny'
set policy route-map no-default rule 10 match ip address prefix-list 'default4'
set policy route-map no-default rule 20 action 'deny'
set policy route-map no-default rule 20 match ipv6 address prefix-list 'default6'
set policy route-map no-default rule 100 action 'permit'

set system ip protocol ospf route-map 'no-default'
2 Likes