Filter some routes

fmroeira86

Hi!

So I was using Quagga and now updated to PFSense 2.5 and I migrated to FRR (OSPF).

I'm ok with the overall configs but I need to exclude some routes to be advertised.

I tried everything from filters to route maps and nothing seems to work.

Can some one clarify me on how to exclude a specific route from FRR OSPF. Let's call it 192.168.1.0/24 and allow everything else?

:) thank you!!

pete35

@fmroeira86
You may try to include all routes (connected and from other sources so called kernel routes) into created access lists. You can permit or deny networks there. Be carefull with the sequence numbering, you should only use "zebra" list for the first approach and check the corresponding frr.conf under Status, Configuration. Clear all other entries of your try and error sessions, best is to start over with an fresh config. I takes some time to distinguish between the terms.

fmroeira86

@pete35 Thank you.

Where should I apply those ACL?

pete35

@fmroeira86
Just enable it:

fmroeira86

@pete35 said in Filter some routes:

@fmroeira86
Just enable it:

I've that enabled.

My ACL as a route with deny (position 1) and an allow all for all the other networks at position 2.

But All the routes still get advertised...

pete35

@fmroeira86
does it look like this:

fmroeira86

@pete35 said in Filter some routes:

@fmroeira86
does it look like this:

OH!!!! I thought of that but mine doesn't show any "Distribute List" it says "None". I tried with Zebra ACL, Extended ACL and Standard ACL. Always show "none"

pete35

@fmroeira86

Yes i see it here too. This looks like a bug in the GUI. You may include it into the raw setting of the config.

fmroeira86

@pete35

Can you please show me where you include in the RAW config?

pete35

@fmroeira86

fmroeira86

@pete35 I'll try that.

In the meantime I'll try to report this bug.

I don't really know where I should do that...

Thank you!

pete35

@jimp

The GUI does not find the configured ACL Lists any more within Pfsense 2.5 and the Route Distribution section of the configuration.. There is only "None", no lists to choose.
Is this a bug?

fmroeira86

@jdillard , @Steve_B , @loos , @rbgarga Can anyone advise on this?

Is this a bug?

Thank you so much!

viktor_g

Please try to re-save your access/prefix lists

see https://forum.netgate.com/topic/160694/frr-7-3-7-5-bgp-not-announcing-routes
and https://redmine.pfsense.org/issues/11404

pete35

@viktor_g

i did this several times, even created a new one, but the lists dont apear on the selection.

fmroeira86

I confirm that the lists don't apear...

viktor_g

Please try this patch: 56.diff

Redmine issue: https://redmine.pfsense.org/issues/11511

fmroeira86

@viktor_g said in Filter some routes:

Please try this patch: 56.diff

Redmine issue: https://redmine.pfsense.org/issues/11511

Can you please instruct on how to apply that?

viktor_g

@fmroeira86 you need to install System Patches pkg: https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
and paste/apply diff

fmroeira86

@viktor_g Thank you!