Filtering unwanted routes from OSPF distribution
-
I've got FRR OSPF working between 2 sites. I've needed to enable connected networks and kernel route distribution to get everything I want included in distribution, but now I'd like to filter things back a bit and I can't seem to wrap my head around the way that this needs to be done (in the GUI).
I'd like to stop the pfblocker VIP route from being distributed among sites; it would be easiest for me to tell FRR not to distribute any routes within 10.10.0.0/16. It looks like the right approach is to use a prefix-list, but no clue how to get FRR to actually evaluate it.
FRR seems to also pick up remote IPsec endpoints and publish routes for those public IPs as well, so I'm looking for an elegant way to block those from distributing too (endpoints are not static IPs). I was hoping there might be a way to filter out routes unless they are a certain size, since these all appear to be /32.
-
Use a route map and apply it to Route Redistribution.
Create a prefix list. Allow/deny what you need.
Match it in the route map.
Apply it to Route Redistribution.
-
Maybe there's a different/better way to approach this. Is there a way to tell frr that I only want to distribute connected routes if they are for networks within a specific netmask?
Are route maps sort of like firewall rules? Would I define 2 allows with a deny for 0.0.0.0? And apply that?
I use a dedicated 10.0.0.0/16 and a 192.168.0.0/16 at each site.
-
I just gave that a shot and it appears to work as expected.
Thanks for your help working out how the parts inter-operate.
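
The filtering discussed in this thread (permit the site ranges and let everything else fall through to the implicit deny, or drop /32 host routes by length), modelled as an added example that is not from any of the posters. The list names, sequence numbers and sample routes are constructed, and the model covers IPv4 prefix-list matching only, with the equivalent FRR lines shown in comments.

```python
import ipaddress

# Hypothetical lists as (seq, action, prefix, ge, le). FRR equivalents:
#   ip prefix-list SITE-NETS seq 10 permit 10.0.0.0/16 le 32
#   ip prefix-list SITE-NETS seq 20 permit 192.168.0.0/16 le 32
SITE_NETS = [
    (10, "permit", "10.0.0.0/16", None, 32),
    (20, "permit", "192.168.0.0/16", None, 32),
]
#   ip prefix-list NO-HOST-ROUTES seq 10 deny 0.0.0.0/0 ge 32
#   ip prefix-list NO-HOST-ROUTES seq 20 permit 0.0.0.0/0 le 32
NO_HOST_ROUTES = [
    (10, "deny", "0.0.0.0/0", 32, None),
    (20, "permit", "0.0.0.0/0", None, 32),
]
# Applied to redistribution with a route map (names are hypothetical):
#   route-map REDIST-FILTER permit 10
#    match ip address prefix-list SITE-NETS
#   router ospf
#    redistribute connected route-map REDIST-FILTER
#    redistribute kernel route-map REDIST-FILTER

def prefix_list_action(entries, route):
    """First matching entry wins; no match means the implicit deny."""
    route = ipaddress.ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = net.prefixlen              # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action
    return "deny"

def redistributed(entries, routes):
    """Routes a single 'permit' route-map clause matching this list lets through."""
    return [r for r in routes if prefix_list_action(entries, r) == "permit"]

# Constructed sample of connected/kernel routes on one firewall.
SAMPLE_ROUTES = [
    "10.0.5.0/24",      # site LAN
    "192.168.1.0/24",   # site LAN
    "10.10.10.1/32",    # VIP inside 10.10.0.0/16
    "203.0.113.7/32",   # remote IPsec endpoint (documentation address)
    "0.0.0.0/0",
]

if __name__ == "__main__":
    print("SITE-NETS:     ", redistributed(SITE_NETS, SAMPLE_ROUTES))
    print("NO-HOST-ROUTES:", redistributed(NO_HOST_ROUTES, SAMPLE_ROUTES))
```

With the allow-list no explicit deny entry is needed, because a route that matches no entry is denied; the length-based list removes the /32 entries but still passes anything shorter, including the default route.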