1: @node Filtering
2: @comment node-name, next, previous, up
3: @chapter Filtering
4:
5: Quagga provides many very flexible filtering features. Filtering is used
6: for both input and output of the routing information. Once filtering is
7: defined, it can be applied in any direction.
8:
9: @menu
10: * IP Access List::
11: * IP Prefix List::
12: @end menu
13:
14: @node IP Access List
15: @comment node-name, next, previous, up
16: @section IP Access List
17:
18: @deffn {Command} {access-list @var{name} permit @var{ipv4-network}} {}
19: @deffnx {Command} {access-list @var{name} deny @var{ipv4-network}} {}
20: @end deffn
21:
22: Basic filtering is done by @code{access-list} as shown in the
23: following example.
24:
25: @example
26: access-list filter deny 10.0.0.0/9
27: access-list filter permit 10.0.0.0/8
28: @end example
29:
30: @node IP Prefix List
31: @comment node-name, next, previous, up
32: @section IP Prefix List
33:
34: @command{ip prefix-list} provides the most powerful prefix-based
35: filtering mechanism. In addition to @command{access-list} functionality,
36: @command{ip prefix-list} supports prefix length ranges and
37: sequence numbers. Using sequence numbers, you can add or delete
38: prefix-based filters at arbitrary points in a prefix list.
39:
40: If no ip prefix-list is specified, it acts as permit. If @command{ip prefix-list}
41: is defined, and no match is found, default deny is applied.
42:
43: @c @deffn {Command} {ip prefix-list @var{name} [seq @var{number}] permit|deny [le @var{prefixlen}] [ge @var{prefixlen}]} {}
44: @deffn {Command} {ip prefix-list @var{name} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
45: @deffnx {Command} {ip prefix-list @var{name} seq @var{number} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
46:
47: You can create an @command{ip prefix-list} using the above commands.
48:
49: @table @asis
50:
51: @item @asis{seq}
52: seq @var{number} can be set either automatically or manually. In the
53: case that sequential numbers are set manually, the user may pick any
54: number less than 4294967295. In the case that sequential numbers are set
55: automatically, the sequential number will increase by a unit of five (5)
56: per list. If a list with no specified sequential number is created
57: after a list with a specified sequential number, the list will
58: automatically pick the next multiple of five (5) as the list number.
59: For example, if a list with number 2 already exists and a new list with
60: no specified number is created, the next list will be numbered 5. If
61: lists 2 and 7 already exist and a new list with no specified number is
62: created, the new list will be numbered 10.
63:
64: @item @asis{le}
65: @command{le} specifies a prefix length. The prefix list entry will be
66: applied if the prefix length is less than or equal to the @command{le} prefix length.
67:
68: @item @asis{ge}
69: @command{ge} specifies a prefix length. The prefix list entry will be
70: applied if the prefix length is greater than or equal to the @command{ge} prefix length.
71:
72: @end table
73:
74: @end deffn
75:
76: The @command{le} (less than or equal to) and @command{ge} (greater than
77: or equal to) prefix lengths can be used together. The order of the
78: @command{le} and @command{ge} commands does not matter.
79:
80: If a prefix list with a different sequential number but with the exact
81: same rules as a previous list is created, an error will result.
82: However, in the case that the sequential number and the rules are
83: exactly the same, no error will result.
84:
85: If a list with the same sequential number as a previous list is created,
86: the new list will overwrite the old list.
87:
88: Matching of IP Prefix is performed from the smaller sequential number to the
89: larger. The matching will stop once any rule has been applied.
90:
91: In the case of no le or ge command, the prefix length must match exactly the
92: length specified in the prefix list.
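
The matching rules described above (ascending sequence order, first match wins, le and ge bounds, exact length when neither is given, default deny, automatic numbering in steps of five) are modelled in the following added example. It is not Quagga's own code: the class and function names, the sample prefixes and the sequence numbers are constructed for illustration, and the model assumes a route must lie inside a rule's prefix before the length checks apply.

```python
import ipaddress

class PrefixList:
    """Model of the matching rules described above (not Quagga's own code)."""

    def __init__(self):
        self.rules = dict()  # seq -> (action, network, ge, le)

    def add(self, action, prefix, ge=None, le=None, seq=None):
        if seq is None:
            # Automatic numbering: next multiple of five above the highest seq.
            seq = (max(self.rules, default=0) // 5 + 1) * 5
        # Reusing a sequence number overwrites the earlier rule.
        self.rules[seq] = (action, ipaddress.ip_network(prefix), ge, le)
        return seq

    def evaluate(self, route):
        """Return (action, seq) for the first matching rule, lowest seq first."""
        route = ipaddress.ip_network(route)
        for seq in sorted(self.rules):
            action, net, ge, le = self.rules[seq]
            # Assumption of this model: the route must lie inside the rule's prefix.
            if route.version != net.version or not route.subnet_of(net):
                continue
            if ge is None and le is None:
                if route.prefixlen != net.prefixlen:
                    continue  # no le/ge: the length must match exactly
            else:
                if le is not None and route.prefixlen > le:
                    continue
                if ge is not None and route.prefixlen < ge:
                    continue
            return action, seq
        return "deny", None  # list is defined but nothing matched: default deny


def build_sample():
    """Constructed inbound policy; prefixes and sequence numbers are made up."""
    pl = PrefixList()
    pl.add("deny", "0.0.0.0/0", ge=25, seq=2)      # reject anything longer than /24
    pl.add("permit", "198.51.100.0/24", seq=7)     # exact /24 only
    pl.add("permit", "10.0.0.0/8", ge=16, le=24)   # auto-numbered: 10
    return pl


if __name__ == "__main__":
    pl = build_sample()
    for r in ("198.51.100.0/24", "198.51.100.128/25", "10.1.0.0/16", "10.0.0.0/8"):
        print(r, pl.evaluate(r))
```

Because evaluation stops at the first match, the deny at sequence 2 rejects a /25 carved out of 198.51.100.0/24 before the permit at sequence 7 is consulted, and 10.0.0.0/8 itself falls through to the default deny because its length is below the ge bound.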
93:
94: @deffn {Command} {no ip prefix-list @var{name}} {}
95: @end deffn
96:
97: @menu
98: * ip prefix-list description::
99: * ip prefix-list sequential number control::
100: * Showing ip prefix-list::
101: * Clear counter of ip prefix-list::
102: @end menu
103:
104: @node ip prefix-list description
105: @subsection ip prefix-list description
106:
107: @deffn {Command} {ip prefix-list @var{name} description @var{desc}} {}
108: Descriptions may be added to prefix lists. This command adds a
109: description to the prefix list.
110: @end deffn
111:
112: @deffn {Command} {no ip prefix-list @var{name} description [@var{desc}]} {}
113: Deletes the description from a prefix list. It is possible to use the
114: command without the full description.
115: @end deffn
116:
117: @node ip prefix-list sequential number control
118: @subsection ip prefix-list sequential number control
119:
120: @deffn {Command} {ip prefix-list sequence-number} {}
121: With this command, the IP prefix list sequential number is displayed.
122: This is the default behavior.
123: @end deffn
124:
125: @deffn {Command} {no ip prefix-list sequence-number} {}
126: With this command, the IP prefix list sequential number is not
127: displayed.
128: @end deffn
129:
130: @node Showing ip prefix-list
131: @subsection Showing ip prefix-list
132:
133: @deffn {Command} {show ip prefix-list} {}
134: Display all IP prefix lists.
135: @end deffn
136:
137: @deffn {Command} {show ip prefix-list @var{name}} {}
138: Show IP prefix list can be used with a prefix list name.
139: @end deffn
140:
141: @deffn {Command} {show ip prefix-list @var{name} seq @var{num}} {}
142: Show IP prefix list can be used with a prefix list name and sequential
143: number.
144: @end deffn
145:
146: @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m}} {}
147: If the @command{longer} keyword is used, all prefix lists with prefix lengths equal to
148: or longer than the specified length will be displayed.
149: If the @command{first-match} keyword is used, the first prefix length match will be
150: displayed.
151: @end deffn
152:
153: @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} longer} {}
154: @end deffn
155:
156: @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} first-match} {}
157: @end deffn
158:
159: @deffn {Command} {show ip prefix-list summary} {}
160: @end deffn
161: @deffn {Command} {show ip prefix-list summary @var{name}} {}
162: @end deffn
163:
164: @deffn {Command} {show ip prefix-list detail} {}
165: @end deffn
166: @deffn {Command} {show ip prefix-list detail @var{name}} {}
167: @end deffn
168:
169: @node Clear counter of ip prefix-list
170: @subsection Clear counter of ip prefix-list
171:
172: @deffn {Command} {clear ip prefix-list} {}
173: Clears the counters of all IP prefix lists. Clear IP Prefix List can be
174: used with a specified name and prefix.
175: @end deffn
176:
177: @deffn {Command} {clear ip prefix-list @var{name}} {}
178: @end deffn
179:
180: @deffn {Command} {clear ip prefix-list @var{name} @var{a.b.c.d/m}} {}
181: @end deffn
182: