<p dir="ltr">Thanks for your explaination. I understand, and it seems to be functioning OK with the following config. Is this the right way ? :</p>
<p dir="ltr">protocol rip rip1 {<br>
#debug all;<br>
interface "eth0" { mode multicast; ttl security tx only; };<br>
honor neighbor;<br>
authentication none;<br>
import all;<br>
export filter { # This block filters <a href="http://192.168.1.0/24">192.168.1.0/24</a> out<br>
if net ~ [ <a href="http://192.168.1.0/24+">192.168.1.0/24+</a> ] then<br>
reject "rip1:rejected:directly-connected";<br>
else<br>
accept "rip1:accepted:not-directly-connected";<br>
};</p>
<p dir="ltr">}</p>
<p dir="ltr">protocol rip rip2 {<br>
#debug all;<br>
interface "eth1" { mode multicast; ttl security tx only; };<br>
honor neighbor;<br>
authentication none;<br>
import all;<br>
export filter { # This block filters <a href="http://192.168.1.0/24">192.168.1.0/24</a> out<br>
if net ~ [ <a href="http://192.168.5.0/24+">192.168.5.0/24+</a> ] then<br>
reject "rip2:rejected:directly-connected";<br>
else<br>
accept "rip2:accepted:not-directly-connected";<br>
};</p>
<p dir="ltr">}</p>
<p dir="ltr">## eth0 is on the <a href="http://192.168.1.0/24">192.168.1.0/24</a> and eth1 on the<br>
## <a href="http://192.168.5.0/24">192.168.5.0/24</a>. The goal is to prevent an interface<br>
## from advertising its own subnet<br>
</p>
<div class="gmail_quote">On Mar 19, 2015 11:12 AM, "Ondrej Zajicek" <<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, Mar 13, 2015 at 08:05:23PM +0100, olivier a wrote:<br>
> Is there a way to filter RIP announced routes on an interface basis ?<br>
<br>
Hi<br>
<br>
Currently the only way is to have separate RIP protocol instances for<br>
each interface and do filtering on import/export to these RIP instances.<br>
<br>
--<br>
Elen sila lumenn' omentielvo<br>
<br>
Ondrej 'Santiago' Zajicek (email: <a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a>)<br>
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, <a href="http://wwwkeys.pgp.net" target="_blank">wwwkeys.pgp.net</a>)<br>
"To err is human -- to blame it on a computer is even more so."<br>
</blockquote></div>