Thanks for your explaination. I understand, and it seems to be functioning OK with the following config. Is this the right way ? :
protocol rip rip1 {
#debug all;
interface "eth0" { mode multicast; ttl security tx only; };
honor neighbor;
authentication none;
import all;
export filter { # This block filters 192.168.1.0/24 out
if net ~ [ 192.168.1.0/24+ ] then
reject "rip1:rejected:directly-connected";
else
accept "rip1:accepted:not-directly-connected";
};
}
protocol rip rip2 {
#debug all;
interface "eth1" { mode multicast; ttl security tx only; };
honor neighbor;
authentication none;
import all;
export filter { # This block filters 192.168.1.0/24 out
if net ~ [ 192.168.5.0/24+ ] then
reject "rip2:rejected:directly-connected";
else
accept "rip2:accepted:not-directly-connected";
};
}
## eth0 is on the 192.168.1.0/24 and eth1 on the
## 192.168.5.0/24. The goal is to prevent an interface
## from advertising its own subnet
On Fri, Mar 13, 2015 at 08:05:23PM +0100, olivier a wrote:
> Is there a way to filter RIP announced routes on an interface basis ?
Hi
Currently the only way is to have separate RIP protocol instances for
each interface and do filtering on import/export to these RIP instances.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."