filter.texi 6.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. @node Filtering
  2. @comment node-name, next, previous, up
  3. @chapter Filtering
  4. Quagga provides many very flexible filtering features. Filtering is used
  5. for both input and output of the routing information. Once filtering is
  6. defined, it can be applied in any direction.
  7. @menu
  8. * IP Access List::
  9. * IP Prefix List::
  10. @end menu
  11. @node IP Access List
  12. @comment node-name, next, previous, up
  13. @section IP Access List
  14. @deffn {Command} {access-list @var{name} permit @var{ipv4-network}} {}
  15. @deffnx {Command} {access-list @var{name} deny @var{ipv4-network}} {}
  16. @end deffn
  17. Basic filtering is done by @code{access-list} as shown in the
  18. following example.
  19. @example
  20. access-list filter deny 10.0.0.0/9
  21. access-list filter permit 10.0.0.0/8
  22. @end example
  23. @node IP Prefix List
  24. @comment node-name, next, previous, up
  25. @section IP Prefix List
  26. @command{ip prefix-list} provides the most powerful prefix based
  27. filtering mechanism. In addition to @command{access-list} functionality,
  28. @command{ip prefix-list} has prefix length range specification and
  29. sequential number specification. You can add or delete prefix based
  30. filters to arbitrary points of prefix-list using sequential number specification.
  31. If no ip prefix-list is specified, it acts as permit. If @command{ip prefix-list}
  32. is defined, and no match is found, default deny is applied.
  33. @c @deffn {Command} {ip prefix-list @var{name} [seq @var{number}] permit|deny [le @var{prefixlen}] [ge @var{prefixlen}]} {}
  34. @deffn {Command} {ip prefix-list @var{name} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
  35. @deffnx {Command} {ip prefix-list @var{name} seq @var{number} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
  36. You can create @command{ip prefix-list} using above commands.
  37. @table @asis
  38. @item @asis{seq}
  39. seq @var{number} can be set either automatically or manually. In the
  40. case that sequential numbers are set manually, the user may pick any
  41. number less than 4294967295. In the case that sequential number are set
  42. automatically, the sequential number will increase by a unit of five (5)
  43. per list. If a list with no specified sequential number is created
  44. after a list with a specified sequential number, the list will
  45. automatically pick the next multiple of five (5) as the list number.
  46. For example, if a list with number 2 already exists and a new list with
  47. no specified number is created, the next list will be numbered 5. If
  48. lists 2 and 7 already exist and a new list with no specified number is
  49. created, the new list will be numbered 10.
  50. @item @asis{le}
  51. @command{le} command specifies prefix length. The prefix list will be
  52. applied if the prefix length is less than or equal to the le prefix length.
  53. @item @asis{ge}
  54. @command{ge} command specifies prefix length. The prefix list will be
  55. applied if the prefix length is greater than or equal to the ge prefix length.
  56. @end table
  57. @end deffn
  58. Less than or equal to prefix numbers and greater than or equal to
  59. prefix numbers can be used together. The order of the le and ge
  60. commands does not matter.
  61. If a prefix list with a different sequential number but with the exact
  62. same rules as a previous list is created, an error will result.
  63. However, in the case that the sequential number and the rules are
  64. exactly similar, no error will result.
  65. If a list with the same sequential number as a previous list is created,
  66. the new list will overwrite the old list.
  67. Matching of IP Prefix is performed from the smaller sequential number to the
  68. larger. The matching will stop once any rule has been applied.
  69. In the case of no le or ge command, the prefix length must match exactly the
  70. length specified in the prefix list.
  71. @deffn {Command} {no ip prefix-list @var{name}} {}
  72. @end deffn
  73. @menu
  74. * ip prefix-list description::
  75. * ip prefix-list sequential number control::
  76. * Showing ip prefix-list::
  77. * Clear counter of ip prefix-list::
  78. @end menu
  79. @node ip prefix-list description
  80. @subsection ip prefix-list description
  81. @deffn {Command} {ip prefix-list @var{name} description @var{desc}} {}
  82. Descriptions may be added to prefix lists. This command adds a
  83. description to the prefix list.
  84. @end deffn
  85. @deffn {Command} {no ip prefix-list @var{name} description [@var{desc}]} {}
  86. Deletes the description from a prefix list. It is possible to use the
  87. command without the full description.
  88. @end deffn
  89. @node ip prefix-list sequential number control
  90. @subsection ip prefix-list sequential number control
  91. @deffn {Command} {ip prefix-list sequence-number} {}
  92. With this command, the IP prefix list sequential number is displayed.
  93. This is the default behavior.
  94. @end deffn
  95. @deffn {Command} {no ip prefix-list sequence-number} {}
  96. With this command, the IP prefix list sequential number is not
  97. displayed.
  98. @end deffn
  99. @node Showing ip prefix-list
  100. @subsection Showing ip prefix-list
  101. @deffn {Command} {show ip prefix-list} {}
  102. Display all IP prefix lists.
  103. @end deffn
  104. @deffn {Command} {show ip prefix-list @var{name}} {}
  105. Show IP prefix list can be used with a prefix list name.
  106. @end deffn
  107. @deffn {Command} {show ip prefix-list @var{name} seq @var{num}} {}
  108. Show IP prefix list can be used with a prefix list name and sequential
  109. number.
  110. @end deffn
  111. @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m}} {}
  112. If the command longer is used, all prefix lists with prefix lengths equal to
  113. or longer than the specified length will be displayed.
  114. If the command first match is used, the first prefix length match will be
  115. displayed.
  116. @end deffn
  117. @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} longer} {}
  118. @end deffn
  119. @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} first-match} {}
  120. @end deffn
  121. @deffn {Command} {show ip prefix-list summary} {}
  122. @end deffn
  123. @deffn {Command} {show ip prefix-list summary @var{name}} {}
  124. @end deffn
  125. @deffn {Command} {show ip prefix-list detail} {}
  126. @end deffn
  127. @deffn {Command} {show ip prefix-list detail @var{name}} {}
  128. @end deffn
  129. @node Clear counter of ip prefix-list
  130. @subsection Clear counter of ip prefix-list
  131. @deffn {Command} {clear ip prefix-list} {}
  132. Clears the counters of all IP prefix lists. Clear IP Prefix List can be
  133. used with a specified name and prefix.
  134. @end deffn
  135. @deffn {Command} {clear ip prefix-list @var{name}} {}
  136. @end deffn
  137. @deffn {Command} {clear ip prefix-list @var{name} @var{a.b.c.d/m}} {}
  138. @end deffn