Manual:Routing/Routing filters: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
m (Protected "Routing filters" [edit=sysop:move=sysop])
No edit summary
Line 26: Line 26:
</tr>
</tr>
<tr>
<tr>
     <td><var><b>append-bgp-communities</b></var> (<em>integer:integer | internet | local-as | no-advertise | no-export</em>; Default: <b></b>)</td>
    <td><var><b>address-family</b></var> (<em>ip|ipv6|l2vpn|l2vpn-cisco|vpnv4</em>;)</td>
    <td> match by BGP address family</td>
</tr>
<tr>
     <td><var><b>append-bgp-communities</b></var> (<em>integer:integer | internet | local-as | no-advertise | no-export</em>;)</td>
     <td> similar to 'set-bgp-communities', but does not delete any existing information about communities</td>
     <td> similar to 'set-bgp-communities', but does not delete any existing information about communities</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-as-path</b></var> (<em>string</em>; Default: <b></b>)</td>
     <td><var><b>append-route-targets</b></var> (<em>AsIP|AsNum</em>;)</td>
    <td></td>
</tr>
<tr>
    <td><var><b>bgp-as-path</b></var> (<em>string</em>;)</td>
     <td> unanchored pattern to be searched inside <b>AS_PATH</b> attribute of the route. POSIX regular expressions are supported.</td>
     <td> unanchored pattern to be searched inside <b>AS_PATH</b> attribute of the route. POSIX regular expressions are supported.</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-as-path-length</b></var> (<em>integer-integer</em>; Default: <b></b>)</td>
     <td><var><b>bgp-as-path-length</b></var> (<em>integer-integer</em>;)</td>
     <td> match length of <b>AS_PATH BGP</b> attribute, representing the number of ASes that have been traversed. Read how the <b>AS_PATH</b> length is calculated before using this matcher</td>
     <td> match length of <b>AS_PATH BGP</b> attribute, representing the number of ASes that have been traversed. Read how the <b>AS_PATH</b> length is calculated before using this matcher</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-atomic-aggregate</b></var> (<em>absent | present</em>; Default: <b></b>)</td>
     <td><var><b>bgp-atomic-aggregate</b></var> (<em>absent | present</em>;)</td>
     <td> match <b>ATOMIC_AGGREGATE</b> BGP attribute</td>
     <td> match <b>ATOMIC_AGGREGATE</b> BGP attribute</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-communities</b></var> (<em>integer:integer | internet | local-as | no-advertise | no-export</em>; Default: <b></b>)</td>
     <td><var><b>bgp-communities</b></var> (<em>integer:integer | internet | local-as | no-advertise | no-export</em>;)</td>
     <td> match the <b>COMMUNITIES</b> BGP attribute. Match is done when communities attribute in a route contains all entries from this configured list. But note that if communities list contains 'internet', the whole list always matched.</td>
     <td> match the <b>COMMUNITIES</b> BGP attribute. Match is done when communities attribute in a route contains all entries from this configured list. But note that if communities list contains 'internet', the whole list always matched.</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-local-pref</b></var> (<em>integer[-integer]</em>; Default: <b></b>)</td>
     <td><var><b>bgp-local-pref</b></var> (<em>integer[-integer]</em>;)</td>
     <td> match <b>LOCAL_PREF</b> BGP attribute. If the <b>LOCAL_PREF</b> for a route is not set, value 0 is used instead</td>
     <td> match <b>LOCAL_PREF</b> BGP attribute. If the <b>LOCAL_PREF</b> for a route is not set, value 0 is used instead</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-med</b></var> (<em>integer[-integer]</em>; Default: <b></b>)</td>
     <td><var><b>bgp-med</b></var> (<em>integer[-integer]</em>;)</td>
     <td> match <b>MULTI_EXIT_DISC</b> BGP attribute. If the <b>MULTI_EXIT_DISC</b> for a route is not set, value 0 is used instead</td>
     <td> match <b>MULTI_EXIT_DISC</b> BGP attribute. If the <b>MULTI_EXIT_DISC</b> for a route is not set, value 0 is used instead</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-origin</b></var> (<em>igp | egp | incomplete</em>; Default: <b></b>)</td>
     <td><var><b>bgp-origin</b></var> (<em>igp | egp | incomplete</em>;)</td>
     <td> match <b>ORIGIN</b> BGP attribute. If the <b>ORIGIN</b> for a route is not set, value 'incomplete' is used instead</td>
     <td> match <b>ORIGIN</b> BGP attribute. If the <b>ORIGIN</b> for a route is not set, value 'incomplete' is used instead</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>bgp-weight</b></var> (<em>signed integer[-signed integer]</em>; Default: <b></b>)</td>
     <td><var><b>bgp-weight</b></var> (<em>signed integer[-signed integer]</em>;)</td>
     <td> match BGP weight property. If this property for a route is not set, value 0 is used instead</td>
     <td> match BGP weight property. If this property for a route is not set, value 0 is used instead</td>
</tr>
</tr>


<tr>
<tr>
     <td><var><b>chain</b></var> (<em>string</em>; Default: <b>""</b>)</td>
     <td><var><b>chain</b></var> (<em>string</em>;)</td>
     <td> chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created
     <td> chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created
chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created
chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created
Line 77: Line 85:
</tr>
</tr>
<tr>
<tr>
     <td><var><b>distance</b></var> (<em>integer: 0..255[ - integer:0..255]</em>; Default: <b></b>)</td>
     <td><var><b>distance</b></var> (<em>integer: 0..255[ - integer:0..255]</em>;)</td>
     <td> match routes with specific administrative distance</td>
     <td> match routes with specific administrative distance</td>
</tr>
</tr>
Line 85: Line 93:
</tr>
</tr>
<tr>
<tr>
     <td><var><b>jump-target</b></var> (<em>string</em>; Default: <b></b>)</td>
     <td><var><b>jump-target</b></var> (<em>string</em>;)</td>
     <td> name of the target chain to jump to, if the 'action=jump' is used</td>
     <td> name of the target chain to jump to, if the 'action=jump' is used</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>match-chain</b></var> (<em>string</em>; Default: <b></b>)</td>
     <td><var><b>locally-originated-bgp</b></var> (<em>yes|no</em>;)</td>
    <td></td>
</tr>
<tr>
    <td><var><b>match-chain</b></var> (<em>string</em>;)</td>
     <td> the name of the chain which is used to evaluate the route. If the chain accepts the route, 'match-chain' property produces a true match</td>
     <td> the name of the chain which is used to evaluate the route. If the chain accepts the route, 'match-chain' property produces a true match</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>pref-src</b></var> (<em>IP address range</em>; Default: <b></b>)</td>
     <td><var><b>pref-src</b></var> (<em>IP address range</em>;)</td>
     <td> match routes with a specific preferred source value</td>
     <td> match routes with a specific preferred source value</td>
</tr>
</tr>
Line 111: Line 123:


<tr>
<tr>
     <td><var><b>protocol</b></var> (<em>connect | static | rip | ospf | bgp</em>; Default: <b></b>)</td>
     <td><var><b>protocol</b></var> (<em>connect | static | rip | ospf | bgp</em>;)</td>
     <td> match routes coming from a specific protocol (the values are self-explanatory)</td>
     <td> match routes coming from a specific protocol (the values are self-explanatory)</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>route-comment</b></var> (<em>string</em>; Default: <b></b>)</td>
     <td><var><b>route-comment</b></var> (<em>string</em>;)</td>
     <td> match routes with a specific comment</td>
     <td> match routes with a specific comment</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>route-tag</b></var> (<em>integer</em>; Default: <b></b>)</td>
     <td><var><b>route-tag</b></var> (<em>integer</em>;)</td>
     <td> match routes with a specific route-tag property value</td>
     <td> match routes with a specific route-tag property value</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>routing-mark</b></var> (<em>string</em>; Default: <b></b>)</td>
     <td><var><b>routing-mark</b></var> (<em>string</em>;)</td>
     <td> match routes with a specific routing mark</td>
     <td> match routes with a specific routing mark</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>scope</b></var> (<em>integer 0..255[-integer 0..255]</em>; Default: <b></b>)</td>
     <td><var><b>scope</b></var> (<em>integer 0..255[-integer 0..255]</em>;)</td>
     <td> match routes with a specific scope property value</td>
     <td> match routes with a specific scope property value</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-bgp-communities</b></var> (<em>integer:integer | internet | local-as | no-advertise | no-export</em>; Default: <b></b>)</td>
     <td><var><b>set-bgp-communities</b></var> (<em>integer:integer | internet | local-as | no-advertise | no-export</em>;)</td>
     <td> set <b>COMMUNITIES</b> BGP attribut</td>
     <td> set <b>COMMUNITIES</b> BGP attribut</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-bgp-local-pref</b></var> (<em>integer</em>; Default: <b></b>)</td>
     <td><var><b>set-bgp-local-pref</b></var> (<em>integer</em>;)</td>
     <td> set <b>LOCAL_PREF</b> BGP attribute</td>
     <td> set <b>LOCAL_PREF</b> BGP attribute</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-bgp-med</b></var> (<em>integer</em>; Default: <b></b>)</td>
     <td><var><b>set-bgp-med</b></var> (<em>integer</em>;)</td>
     <td> set <b>MULTI_EXIT_DISC</b> BGP attribute</td>
     <td> set <b>MULTI_EXIT_DISC</b> BGP attribute</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-bgp-prepend</b></var> (<em>integer: 0..16 | default</em>; Default: <b></b>)</td>
     <td><var><b>set-bgp-prepend</b></var> (<em>integer: 0..16 | default</em>;)</td>
     <td> how many times to prepend router's own AS number to <b>AS_PATH</b> attribute<br />
     <td> how many times to prepend router's own AS number to <b>AS_PATH</b> attribute<br />
For incoming filters, it affects the AS_PATH attribute length, which is used in BGP route selection process.
For incoming filters, it affects the AS_PATH attribute length, which is used in BGP route selection process.
Line 149: Line 161:
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-bgp-prepend-path</b></var> (<em>AS list</em>; Default: <b></b>)</td>
     <td><var><b>set-bgp-prepend-path</b></var> (<em>AS list</em>;)</td>
     <td> add specified list of AS numbers to <b>AS_PATH</b> attribute<br />
     <td> add specified list of AS numbers to <b>AS_PATH</b> attribute<br />
If both <b>set-bgp-prepend</b> and <b>set-bgp-prepend-path</b> are used then <b>set-bgp-prepend</b> will have highest priority.
If both <b>set-bgp-prepend</b> and <b>set-bgp-prepend-path</b> are used then <b>set-bgp-prepend</b> will have highest priority.
Line 155: Line 167:
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-bgp-weight</b></var> (<em>signed integer</em>; Default: <b></b>)</td>
     <td><var><b>set-bgp-weight</b></var> (<em>signed integer</em>;)</td>
     <td> set BGP weight property to be used in BGP route selection process. Valid only in incoming filters and for BGP routes</td>
     <td> set BGP weight property to be used in BGP route selection process. Valid only in incoming filters and for BGP routes</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-check-gateway</b></var> (<em>arp | none | ping</em>; Default: <b></b>)</td>
     <td><var><b>set-check-gateway</b></var> (<em>arp | none | ping</em>;)</td>
     <td> set which protocol to use for gateway reachability, if any. Valid only in incoming filters</td>
     <td> set which protocol to use for gateway reachability, if any. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-disabled</b></var> (<em>yes | no</em>; Default: <b></b>)</td>
     <td><var><b>set-disabled</b></var> (<em>yes | no</em>;)</td>
     <td> if set, the route will not become active.  Valid only in incoming filters</td>
     <td> if set, the route will not become active.  Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-distance</b></var> (<em>integer: 0..255</em>; Default: <b></b>)</td>
     <td><var><b>set-distance</b></var> (<em>integer: 0..255</em>;)</td>
     <td> set the administrative distance of the route. If set to value 255, the route will not become active. Valid only in incoming filters</td>
     <td> set the administrative distance of the route. If set to value 255, the route will not become active. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-in-nexthop</b></var> (<em>IP address</em>; Default: <b></b>)</td>
     <td><var><b>set-in-nexthop</b></var> (<em>IP address</em>;)</td>
     <td> set gateway value to the specific IP address[es]. Valid only in incoming filters</td>
     <td> set gateway value to the specific IP address[es]. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-in-nexthop-direct</b></var> (<em>interface name</em>; Default: <b></b>)</td>
     <td><var><b>set-in-nexthop-direct</b></var> (<em>interface name</em>;)</td>
     <td> set gateway value to the specific interface. Valid only in incoming filters</td>
     <td> set gateway value to the specific interface. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-in-nexthop-ipv6</b></var> (<em>IPv6 address</em>; Default: <b></b>)</td>
     <td><var><b>set-in-nexthop-ipv6</b></var> (<em>IPv6 address</em>;)</td>
     <td> set gateway value to the specific IPv6 address[es]. Valid only in incoming filters
     <td> set gateway value to the specific IPv6 address[es]. Valid only in incoming filters
</td>
</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-in-nexthop-linklocal</b></var> (<em>IPv6 link-local address % interface name</em>; Default: <b></b>)</td>
     <td><var><b>set-in-nexthop-linklocal</b></var> (<em>IPv6 link-local address % interface name</em>;)</td>
     <td> set gateway value to the specific IPv6 link-local address[es] on specific interfaces. The syntax separates address and interface by '%'. Valid only in incoming filters</td>
     <td> set gateway value to the specific IPv6 link-local address[es] on specific interfaces. The syntax separates address and interface by '%'. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-out-nexthop</b></var> (<em>IP address</em>; Default: <b></b>)</td>
     <td><var><b>set-out-nexthop</b></var> (<em>IP address</em>;)</td>
     <td> set gateway to be announced to the specific IP address[es]. Valid only in outgoing filters</td>
     <td> set gateway to be announced to the specific IP address[es]. Valid only in outgoing filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-out-nexthop-ipv6</b></var> (<em>IPv6 address</em>; Default: <b></b>)</td>
     <td><var><b>set-out-nexthop-ipv6</b></var> (<em>IPv6 address</em>;)</td>
     <td> set gateway to be announced to the specific IPv6 address[es]. Valid only in outgoing filters</td>
     <td> set gateway to be announced to the specific IPv6 address[es]. Valid only in outgoing filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-out-nexthop-linklocal</b></var> (<em>IPv6 link-local address</em>; Default: <b></b>)</td>
     <td><var><b>set-out-nexthop-linklocal</b></var> (<em>IPv6 link-local address</em>;)</td>
     <td> set gateway value to be announced using BGP link-local nexthop feature. Valid only in outgoing filters and BGP routes</td>
     <td> set gateway value to be announced using BGP link-local nexthop feature. Valid only in outgoing filters and BGP routes</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-pref-src</b></var> (<em>IP address</em>; Default: <b></b>)</td>
     <td><var><b>set-pref-src</b></var> (<em>IP address</em>;)</td>
     <td> set the preferred source address for packets leaving via this route. Valid only in incoming filters</td>
     <td> set the preferred source address for packets leaving via this route. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-route-tag</b></var> (<em>integer</em>; Default: <b></b>)</td>
     <td><var><b>set-route-comment</b></var> (<em>string</em>;)</td>
    <td> set comment text. Valid only in incoming filters</td>
</tr>
<tr>
    <td><var><b>set-route-tag</b></var> (<em>integer</em>;)</td>
     <td> set [[OSPF]] or [[RIP]] route tag property value. For RIP only values 0..65535 are valid</td>
     <td> set [[OSPF]] or [[RIP]] route tag property value. For RIP only values 0..65535 are valid</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-route-comment</b></var> (<em>string</em>; Default: <b></b>)</td>
     <td><var><b>set-route-targets</b></var> (<em>AsNum|AsIP</em>;)</td>
     <td> set comment text. Valid only in incoming filters</td>
     <td> </td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-routing-mark</b></var> (<em>string</em>; Default: <b></b>)</td>
     <td><var><b>set-routing-mark</b></var> (<em>string</em>;)</td>
     <td> set routing mark for the route. Valid only in incoming filters</td>
     <td> set routing mark for the route. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-scope</b></var> (<em>integer: 0..255</em>; Default: <b></b>)</td>
     <td><var><b>set-scope</b></var> (<em>integer: 0..255</em>;)</td>
     <td> set scope property, used in recursive nexthop resolving. Valid only in incoming filters</td>
     <td> set scope property, used in recursive nexthop resolving. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-target-scope</b></var> (<em>integer: 0..255</em>; Default: <b></b>)</td>
     <td><var><b>set-target-scope</b></var> (<em>integer: 0..255</em>;)</td>
     <td> set target-scope property, used in recursive nexthop resolving. Valid only in incoming filters</td>
     <td> set target-scope property, used in recursive nexthop resolving. Valid only in incoming filters</td>
</tr>
</tr>
<tr>
<tr>
     <td><var><b>set-type</b></var> (<em>blackhole | prohibit | unicast | unreachable</em>; Default: <b></b>)</td>
     <td><var><b>set-type</b></var> (<em>blackhole | prohibit | unicast | unreachable</em>;)</td>
     <td> set route type. Valid only in incoming filters
     <td> set route type. Valid only in incoming filters
:<var>unicast</var> - standard route
:<var>unicast</var> - standard route
Line 233: Line 249:


<tr>
<tr>
     <td><var><b>target-scope</b></var> (<em>integer 0..255[-integer 0..255]</em>; Default: <b></b>)</td>
    <td><var><b>set-use-te-nexthop</b></var> (<em>yes|no</em>;)</td>
    <td> </td>
</tr>
<tr>
     <td><var><b>target-scope</b></var> (<em>integer 0..255[-integer 0..255]</em>;)</td>
     <td> match routes with a specific 'target-scope' value</td>
     <td> match routes with a specific 'target-scope' value</td>
</tr>
</tr>

Revision as of 07:33, 15 May 2009

Sub-menu: /routing filter



Property Description
action (accept | discard | jump | log | passthrough | reject | return; Default: passthrough) action to perform on route matching the rule.
accept - accept the routing information
discard - completely exclude matching prefix from further processing. For incoming filters, 'discard' means that information about this route is completely lost. For outgoing filters it's the same as 'reject'
jump - pass control to another filter list that should be specified as 'jump-target' parameter
log - log message about this match in system log and continue with the next rule in chain
passthrough - do not perform any action and continue to the next rule in chain
reject - reject the routing information for matching prefix. For incoming filters, 'reject' means that information about this route stored in memory, but the route will not become active. For outgoing filters it's the same as 'discard'
return - return to the previous chain from which a jump to the current chain took place
address-family (ip|ipv6|l2vpn|l2vpn-cisco|vpnv4;) match by BGP address family
append-bgp-communities (integer:integer | internet | local-as | no-advertise | no-export;) similar to 'set-bgp-communities', but does not delete any existing information about communities
append-route-targets (AsIP|AsNum;)
bgp-as-path (string;) unanchored pattern to be searched inside AS_PATH attribute of the route. POSIX regular expressions are supported.
bgp-as-path-length (integer-integer;) match length of AS_PATH BGP attribute, representing the number of ASes that have been traversed. Read how the AS_PATH length is calculated before using this matcher
bgp-atomic-aggregate (absent | present;) match ATOMIC_AGGREGATE BGP attribute
bgp-communities (integer:integer | internet | local-as | no-advertise | no-export;) match the COMMUNITIES BGP attribute. Match is done when communities attribute in a route contains all entries from this configured list. But note that if communities list contains 'internet', the whole list always matched.
bgp-local-pref (integer[-integer];) match LOCAL_PREF BGP attribute. If the LOCAL_PREF for a route is not set, value 0 is used instead
bgp-med (integer[-integer];) match MULTI_EXIT_DISC BGP attribute. If the MULTI_EXIT_DISC for a route is not set, value 0 is used instead
bgp-origin (igp | egp | incomplete;) match ORIGIN BGP attribute. If the ORIGIN for a route is not set, value 'incomplete' is used instead
bgp-weight (signed integer[-signed integer];) match BGP weight property. If this property for a route is not set, value 0 is used instead
chain (string;) chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created

chain name to place this rule in. If a chain with the specified name does not exist it will be automatically created

ospf-in - predefined filter chain for routes received via OSPF;
ospf-out - predefined filter chain for external routes redistributed via OSPF;
rip-in - predefined filter chain for routes received via RIP;
rip-out - predefined filter chain for external routes redistributed via RIP;
mme-in - predefined filter chain for routes received via MME;
connected-in - predefined filter chain for all connected routes;
dynamic-in - predefined filter chain for all other dynamic routes, i.e. all dynamic routes except (1) those added by routing protocols and (2) connected routes. In this category falls routes added by some external program, for example PPP daemon.


Note that internal RIP filtering is done using prefix lists [and internal (intra-area) OSPF filtering is not supported yet]
distance (integer: 0..255[ - integer:0..255];) match routes with specific administrative distance
invert-math (yes | no; Default: no) invert this match, i.e. apply the rule to routes that would fail to match it and vice versa
jump-target (string;) name of the target chain to jump to, if the 'action=jump' is used
locally-originated-bgp (yes|no;)
match-chain (string;) the name of the chain which is used to evaluate the route. If the chain accepts the route, 'match-chain' property produces a true match
pref-src (IP address range;) match routes with a specific preferred source value
prefix (IP prefix; Default: 0.0.0.0/0) network prefix to match. If prefix-length is not set, only exact match is done. For example, 0.0.0.0/0 then matches only the default route and nothing else
prefix-length (integer; Default: 0-32) network prefix mask length to match. If prefix-length is set, for a route to match the prefix and prefix-length of a rule, the following should hold:
  • the network prefix of the route falls within the range of the prefix of the rule, (i.e.
  • the network mask of the route is greater of equal than the network mask of the prefix;
  • the network address of the route masked out by the network mask of the prefix is equal to the network address of the prefix;)
  • the length of the network mask of the route falls within the range of the prefix-length
protocol (connect | static | rip | ospf | bgp;) match routes coming from a specific protocol (the values are self-explanatory)
route-comment (string;) match routes with a specific comment
route-tag (integer;) match routes with a specific route-tag property value
routing-mark (string;) match routes with a specific routing mark
scope (integer 0..255[-integer 0..255];) match routes with a specific scope property value
set-bgp-communities (integer:integer | internet | local-as | no-advertise | no-export;) set COMMUNITIES BGP attribut
set-bgp-local-pref (integer;) set LOCAL_PREF BGP attribute
set-bgp-med (integer;) set MULTI_EXIT_DISC BGP attribute
set-bgp-prepend (integer: 0..16 | default;) how many times to prepend router's own AS number to AS_PATH attribute

For incoming filters, it affects the AS_PATH attribute length, which is used in BGP route selection process.

For outgoing filters, the prepending is done when announcing route via BGP and affects only routes sent to EBGP peers (for IBGP value 1 is always used)
set-bgp-prepend-path (AS list;) add specified list of AS numbers to AS_PATH attribute

If both set-bgp-prepend and set-bgp-prepend-path are used then set-bgp-prepend will have highest priority.

set-bgp-weight (signed integer;) set BGP weight property to be used in BGP route selection process. Valid only in incoming filters and for BGP routes
set-check-gateway (arp | none | ping;) set which protocol to use for gateway reachability, if any. Valid only in incoming filters
set-disabled (yes | no;) if set, the route will not become active. Valid only in incoming filters
set-distance (integer: 0..255;) set the administrative distance of the route. If set to value 255, the route will not become active. Valid only in incoming filters
set-in-nexthop (IP address;) set gateway value to the specific IP address[es]. Valid only in incoming filters
set-in-nexthop-direct (interface name;) set gateway value to the specific interface. Valid only in incoming filters
set-in-nexthop-ipv6 (IPv6 address;) set gateway value to the specific IPv6 address[es]. Valid only in incoming filters
set-in-nexthop-linklocal (IPv6 link-local address % interface name;) set gateway value to the specific IPv6 link-local address[es] on specific interfaces. The syntax separates address and interface by '%'. Valid only in incoming filters
set-out-nexthop (IP address;) set gateway to be announced to the specific IP address[es]. Valid only in outgoing filters
set-out-nexthop-ipv6 (IPv6 address;) set gateway to be announced to the specific IPv6 address[es]. Valid only in outgoing filters
set-out-nexthop-linklocal (IPv6 link-local address;) set gateway value to be announced using BGP link-local nexthop feature. Valid only in outgoing filters and BGP routes
set-pref-src (IP address;) set the preferred source address for packets leaving via this route. Valid only in incoming filters
set-route-comment (string;) set comment text. Valid only in incoming filters
set-route-tag (integer;) set OSPF or RIP route tag property value. For RIP only values 0..65535 are valid
set-route-targets (AsNum|AsIP;)
set-routing-mark (string;) set routing mark for the route. Valid only in incoming filters
set-scope (integer: 0..255;) set scope property, used in recursive nexthop resolving. Valid only in incoming filters
set-target-scope (integer: 0..255;) set target-scope property, used in recursive nexthop resolving. Valid only in incoming filters
set-type (blackhole | prohibit | unicast | unreachable;) set route type. Valid only in incoming filters
unicast - standard route
blackhole - silently discard packets
prohibit - reply to sender with ICMP Communication Administratively Prohibited messages
unreachable - reply to sender with ICMP Network Unreachable messages
set-use-te-nexthop (yes|no;)
target-scope (integer 0..255[-integer 0..255];) match routes with a specific 'target-scope' value