doc/filter.texi

   1 @node Filtering
   2 @comment  node-name,  next,  previous,  up
   3 @chapter Filtering
   4
   5 Zebra provides many very flexible filtering features.  Filtering is used
   6 for both input and output of the routing information.  Once filtering is
   7 defined, it can be applied in any direction.
   8
   9 @menu
  10 * IP Access List::
  11 * IP Prefix List::
  12 @end menu
  13
  14 @node IP Access List, IP Prefix List, Filtering, Filtering
  15 @comment  node-name,  next,  previous,  up
  16 @subsection IP Access List
  17
  18 @deffn {Command} {access-list @var{name} permit @var{ipv4-network}} {}
  19 @deffnx {Command} {access-list @var{name} deny @var{ipv4-network}} {}
  20 @end deffn
  21
  22 Basic filtering is done by @code{access-list} as shown in the
  23 following example.
  24
  25 @example
  26 access-list filter deny 10.0.0.0/9
  27 access-list filter permit 10.0.0.0/8
  28 @end example
  29
  30 @node IP Prefix List,  , IP Access List, Filtering
  31 @comment  node-name,  next,  previous,  up
  32 @subsection IP Prefix List
  33
  34 @command{ip prefix-list} provides the most powerful prefix based
  35 filtering mechanism.  In addition to @command{access-list} functionality,
  36 @command{ip prefix-list} has prefix length range specification and
  37 sequential number specification.  You can add or delete prefix based
  38 filters to arbitrary points of prefix-list using sequential number specification.
  39
  40 If no ip prefix-list is specified, it acts as permit.  If @command{ip prefix-list}
  41 is defined, and no match is found, default deny is applied.
  42
  43 @c @deffn {Command} {ip prefix-list @var{name} [seq @var{number}] permit|deny [le @var{prefixlen}] [ge @var{prefixlen}]} {}
  44 @deffn {Command} {ip prefix-list @var{name} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
  45 @deffnx {Command} {ip prefix-list @var{name} seq @var{number} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
  46
  47 You can create @command{ip prefix-list} using above commands.
  48
  49 @table @asis
  50
  51 @item @asis{seq}
  52 seq @var{number} can be set either automatically or manually.  In the
  53 case that sequential numbers are set manually, the user may pick any
  54 number less than 4294967295.  In the case that sequential number are set
  55 automatically, the sequential number will increase by a unit of five (5)
  56 per list.  If a list with no specified sequential number is created
  57 after a list with a specified sequential number, the list will
  58 automatically pick the next multiple of five (5) as the list number.
  59 For example, if a list with number 2 already exists and a new list with
  60 no specified number is created, the next list will be numbered 5.  If
  61 lists 2 and 7 already exist and a new list with no specified number is
  62 created, the new list will be numbered 10.
  63
  64 @item @asis{le}
  65 @command{le} command specifies prefix length.  The prefix list will be
  66 applied if the prefix length is less than or equal to the le prefix length.
  67
  68 @item @asis{ge}
  69 @command{ge} command specifies prefix length.  The prefix list will be
  70 applied if the prefix length is greater than or equal to the ge prefix length.
  71
  72 @end table
  73
  74 @end deffn
  75
  76 Less than or equal to prefix numbers and greater than or equal to
  77 prefix numbers can be used together.  The order of the le and ge
  78 commands does not matter.
  79
  80 If a prefix list with a different sequential number but with the exact
  81 same rules as a previous list is created, an error will result.
  82 However, in the case that the sequential number and the rules are
  83 exactly similar, no error will result.
  84
  85 If a list with the same sequential number as a previous list is created,
  86 the new list will overwrite the old list.
  87
  88 Matching of IP Prefix is performed from the smaller sequential number to the
  89 larger.  The matching will stop once any rule has been applied.
  90
  91 In the case of no le or ge command,
  92
  93 Version 0.85: the matching rule will apply to all prefix lengths that
  94 matched the prefix list.
  95
  96 Version 0.86 or later: In the case of no le or ge command, the prefix
  97 length must match exactly the length specified in the prefix list.
  98
  99
 100 @deffn {Command} {no ip prefix-list @var{name}} {}
 101 @end deffn
 102
 103 @menu
 104 * ip prefix-list description::
 105 * ip prefix-list sequential number control::
 106 * Showing ip prefix-list::
 107 * Clear counter of ip prefix-list::
 108 @end menu
 109
 110 @node ip prefix-list description, ip prefix-list sequential number control, IP Prefix List, IP Prefix List
 111 @comment  node-name,  next,  previous,  up
 112 @subsubsection ip prefix-list description
 113
 114 @deffn {Command} {ip prefix-list @var{name} description @var{desc}} {}
 115 Descriptions may be added to prefix lists.  This command adds a
 116 description to the prefix list.
 117 @end deffn
 118
 119 @deffn {Command} {no ip prefix-list @var{name} description [@var{desc}]} {}
 120 Deletes the description from a prefix list.  It is possible to use the
 121 command without the full description.
 122 @end deffn
 123
 124 @node  ip prefix-list sequential number control, Showing ip prefix-list, ip prefix-list description, IP Prefix List
 125 @comment  node-name,  next,  previous,  up
 126 @subsubsection ip prefix-list sequential number control
 127
 128 @deffn {Command} {ip prefix-list sequence-number} {}
 129 With this command, the IP prefix list sequential number is displayed.
 130 This is the default behavior.
 131 @end deffn
 132
 133 @deffn {Command} {no ip prefix-list sequence-number} {}
 134 With this command, the IP prefix list sequential number is not
 135 displayed.
 136 @end deffn
 137
 138 @node  Showing ip prefix-list, Clear counter of ip prefix-list, ip prefix-list sequential number control, IP Prefix List
 139 @comment  node-name,  next,  previous,  up
 140 @subsubsection Showing ip prefix-list
 141
 142 @deffn {Command} {show ip prefix-list} {}
 143 Display all IP prefix lists.
 144 @end deffn
 145
 146 @deffn {Command} {show ip prefix-list @var{name}} {}
 147 Show IP prefix list can be used with a prefix list name.
 148 @end deffn
 149
 150 @deffn {Command} {show ip prefix-list @var{name} seq @var{num}} {}
 151 Show IP prefix list can be used with a prefix list name and sequential
 152 number.
 153 @end deffn
 154
 155 @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m}} {}
 156 If the command longer is used, all prefix lists with prefix lengths equal to
 157 or longer than the specified length will be displayed.
 158 If the command first match is used, the first prefix length match will be
 159 displayed.
 160 @end deffn
 161
 162 @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} longer} {}
 163 @end deffn
 164
 165 @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} first-match} {}
 166 @end deffn
 167
 168 @deffn {Command} {show ip prefix-list summary} {}
 169 @end deffn
 170 @deffn {Command} {show ip prefix-list summary @var{name}} {}
 171 @end deffn
 172
 173 @deffn {Command} {show ip prefix-list detail} {}
 174 @end deffn
 175 @deffn {Command} {show ip prefix-list detail @var{name}} {}
 176 @end deffn
 177
 178 @node  Clear counter of ip prefix-list,  , Showing ip prefix-list, IP Prefix List
 179 @comment  node-name,  next,  previous,  up
 180 @subsubsection Clear counter of ip prefix-list
 181
 182 @deffn {Command} {clear ip prefix-list} {}
 183 Clears the counters of all IP prefix lists.  Clear IP Prefix List can be
 184 used with a specified name and prefix.
 185 @end deffn
 186
 187 @deffn {Command} {clear ip prefix-list @var{name}} {}
 188 @end deffn
 189
 190 @deffn {Command} {clear ip prefix-list @var{name} @var{a.b.c.d/m}} {}
 191 @end deffn
 192