Thanks for your explaination. I understand, and it seems to be functioning OK with the following config. Is this the right way ? : protocol rip rip1 { #debug all; interface "eth0" { mode multicast; ttl security tx only; }; honor neighbor; authentication none; import all; export filter { # This block filters 192.168.1.0/24 out if net ~ [ 192.168.1.0/24+ ] then reject "rip1:rejected:directly-connected"; else accept "rip1:accepted:not-directly-connected"; }; } protocol rip rip2 { #debug all; interface "eth1" { mode multicast; ttl security tx only; }; honor neighbor; authentication none; import all; export filter { # This block filters 192.168.1.0/24 out if net ~ [ 192.168.5.0/24+ ] then reject "rip2:rejected:directly-connected"; else accept "rip2:accepted:not-directly-connected"; }; } ## eth0 is on the 192.168.1.0/24 and eth1 on the ## 192.168.5.0/24. The goal is to prevent an interface ## from advertising its own subnet On Mar 19, 2015 11:12 AM, "Ondrej Zajicek" <santiago@crfreenet.org> wrote:

On Fri, Mar 13, 2015 at 08:05:23PM +0100, olivier a wrote:

...

Is there a way to filter RIP announced routes on an interface basis ?

Hi

Currently the only way is to have separate RIP protocol instances for each interface and do filtering on import/export to these RIP instances.

-- Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."