1@node Filtering 2@comment node-name, next, previous, up 3@chapter Filtering 4 5Quagga provides many very flexible filtering features. Filtering is used 6for both input and output of the routing information. Once filtering is 7defined, it can be applied in any direction. 8 9@menu 10* IP Access List:: 11* IP Prefix List:: 12@end menu 13 14@node IP Access List 15@comment node-name, next, previous, up 16@section IP Access List 17 18@deffn {Command} {access-list @var{name} permit @var{ipv4-network}} {} 19@deffnx {Command} {access-list @var{name} deny @var{ipv4-network}} {} 20@end deffn 21 22Basic filtering is done by @code{access-list} as shown in the 23following example. 24 25@example 26access-list filter deny 10.0.0.0/9 27access-list filter permit 10.0.0.0/8 28@end example 29 30@node IP Prefix List 31@comment node-name, next, previous, up 32@section IP Prefix List 33 34@command{ip prefix-list} provides the most powerful prefix based 35filtering mechanism. In addition to @command{access-list} functionality, 36@command{ip prefix-list} has prefix length range specification and 37sequential number specification. You can add or delete prefix based 38filters to arbitrary points of prefix-list using sequential number specification. 39 40If no ip prefix-list is specified, it acts as permit. If @command{ip prefix-list} 41is defined, and no match is found, default deny is applied. 42 43@c @deffn {Command} {ip prefix-list @var{name} [seq @var{number}] permit|deny [le @var{prefixlen}] [ge @var{prefixlen}]} {} 44@deffn {Command} {ip prefix-list @var{name} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {} 45@deffnx {Command} {ip prefix-list @var{name} seq @var{number} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {} 46 47You can create @command{ip prefix-list} using above commands. 48 49@table @asis 50 51@item @asis{seq} 52seq @var{number} can be set either automatically or manually. In the 53case that sequential numbers are set manually, the user may pick any 54number less than 4294967295. In the case that sequential number are set 55automatically, the sequential number will increase by a unit of five (5) 56per list. If a list with no specified sequential number is created 57after a list with a specified sequential number, the list will 58automatically pick the next multiple of five (5) as the list number. 59For example, if a list with number 2 already exists and a new list with 60no specified number is created, the next list will be numbered 5. If 61lists 2 and 7 already exist and a new list with no specified number is 62created, the new list will be numbered 10. 63 64@item @asis{le} 65@command{le} command specifies prefix length. The prefix list will be 66applied if the prefix length is less than or equal to the le prefix length. 67 68@item @asis{ge} 69@command{ge} command specifies prefix length. The prefix list will be 70applied if the prefix length is greater than or equal to the ge prefix length. 71 72@end table 73 74@end deffn 75 76Less than or equal to prefix numbers and greater than or equal to 77prefix numbers can be used together. The order of the le and ge 78commands does not matter. 79 80If a prefix list with a different sequential number but with the exact 81same rules as a previous list is created, an error will result. 82However, in the case that the sequential number and the rules are 83exactly similar, no error will result. 84 85If a list with the same sequential number as a previous list is created, 86the new list will overwrite the old list. 87 88Matching of IP Prefix is performed from the smaller sequential number to the 89larger. The matching will stop once any rule has been applied. 90 91In the case of no le or ge command, the prefix length must match exactly the 92length specified in the prefix list. 93 94@deffn {Command} {no ip prefix-list @var{name}} {} 95@end deffn 96 97@menu 98* ip prefix-list description:: 99* ip prefix-list sequential number control:: 100* Showing ip prefix-list:: 101* Clear counter of ip prefix-list:: 102@end menu 103 104@node ip prefix-list description 105@subsection ip prefix-list description 106 107@deffn {Command} {ip prefix-list @var{name} description @var{desc}} {} 108Descriptions may be added to prefix lists. This command adds a 109description to the prefix list. 110@end deffn 111 112@deffn {Command} {no ip prefix-list @var{name} description [@var{desc}]} {} 113Deletes the description from a prefix list. It is possible to use the 114command without the full description. 115@end deffn 116 117@node ip prefix-list sequential number control 118@subsection ip prefix-list sequential number control 119 120@deffn {Command} {ip prefix-list sequence-number} {} 121With this command, the IP prefix list sequential number is displayed. 122This is the default behavior. 123@end deffn 124 125@deffn {Command} {no ip prefix-list sequence-number} {} 126With this command, the IP prefix list sequential number is not 127displayed. 128@end deffn 129 130@node Showing ip prefix-list 131@subsection Showing ip prefix-list 132 133@deffn {Command} {show ip prefix-list} {} 134Display all IP prefix lists. 135@end deffn 136 137@deffn {Command} {show ip prefix-list @var{name}} {} 138Show IP prefix list can be used with a prefix list name. 139@end deffn 140 141@deffn {Command} {show ip prefix-list @var{name} seq @var{num}} {} 142Show IP prefix list can be used with a prefix list name and sequential 143number. 144@end deffn 145 146@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m}} {} 147If the command longer is used, all prefix lists with prefix lengths equal to 148or longer than the specified length will be displayed. 149If the command first match is used, the first prefix length match will be 150displayed. 151@end deffn 152 153@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} longer} {} 154@end deffn 155 156@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} first-match} {} 157@end deffn 158 159@deffn {Command} {show ip prefix-list summary} {} 160@end deffn 161@deffn {Command} {show ip prefix-list summary @var{name}} {} 162@end deffn 163 164@deffn {Command} {show ip prefix-list detail} {} 165@end deffn 166@deffn {Command} {show ip prefix-list detail @var{name}} {} 167@end deffn 168 169@node Clear counter of ip prefix-list 170@subsection Clear counter of ip prefix-list 171 172@deffn {Command} {clear ip prefix-list} {} 173Clears the counters of all IP prefix lists. Clear IP Prefix List can be 174used with a specified name and prefix. 175@end deffn 176 177@deffn {Command} {clear ip prefix-list @var{name}} {} 178@end deffn 179 180@deffn {Command} {clear ip prefix-list @var{name} @var{a.b.c.d/m}} {} 181@end deffn 182 183