1st:
MikroTik RouterOS v7 Commonly Used Filters
Notes about using the filers
• Starting in ROSv7, the filters are in a “normally closed” state.
Traffic will not flow until an accept rule has been created for that
traffic once the filters have been referenced. If the filters have
not been referenced, then the protocol will act as normal.
• The chains used in the examples must be referenced in the routing
protocol to work. These were used as examples only.
• Visit
https://help.mikrotik.com/docs/pages/viewpage.action?pageId=74678285
for more details on the filter syntax.
if ( [matchers] ) { [actions] } else { [actions] }
Commonly Used Filters for OSPF
• To change the Distance on all OSPF routes:
• To change the Distance on just one OSPF route:
• To discard an incoming Prefix:
• To add a Comment to an OSPF route:
• To discard OSPF routes based on the CIDR Length (greater than or equal to /31):
• To change the OSPF Type-1 metric for a route:
• To change from the default of a Type1 route to a Type2 route and change the metric:
/routing filter rule
add chain=OSPF_In disabled=no rule=”if ( protocol ospf ) { set distance 50; accept }”
add chain=OSPF_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { set distance 40; accept }”
add chain=OSPF_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { reject }”
add chain=OSPF_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { set comment To_Main_Tower }”
add chain=OSPF_In disabled=no rule=”if ( dst-len >=31 ) { reject }”
add chain=OSPF_Out disabled=no rule=”if ( dst==0.0.0.0/0 ) { set ospf-ext-metric 20 }”
add chain=OSPF_Out disabled=no rule=”if ( dst==0.0.0.0/0 ) { set ospf-ext-type type2; set ospf-extmetric 25 }
Commonly Used Filters for RIP
• To change the Distance on all RIP routes:
• To change the Distance on just one RIP route:
• To discard an incoming Prefix:
• To add a Comment to a RIP route:
• To discard RIP routes based on the CIDR Length (greater than or equal to /31):
Commonly Used Filters for BGP
• To change the Distance on all BGP routes:
• To change the Distance on just one BGP route:
• To change the Scope & Target Scope of an incoming route:
• To discard an incoming Prefix:
• To add a Comment to a BGP route:
routing filter rule
add chain=RIP_In disabled=no rule=”if ( protocol rip ) { set distance 30; accept }”
add chain=RIP_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { set distance 40; accept }”
add chain=RIP_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { reject }”
add chain=RIP_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { set comment To_Main_Tower }”
add chain=RIP_In disabled=no rule=”if ( dst-len >=31 ) { reject }”
/routing filter rule
add chain=BGP_In disabled=no rule=”if ( protocol BGP ) { set distance 10; accept }”
add chain=BGP_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { set distance 40; accept }”
add chain=BGP_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { reject }”
add chain=BGP_In disabled=no rule=”if ( dst==172.16.1.3/32 ) { set comment To_Main_Tower }”
• To discard BGP routes based on the CIDR Length (greater than or equal to /24):
• To set the BGP Weight:
• To set the Local Preference:
• To set the Path Prepend:
• To change the Prepending of an incoming route:
• To reject routes that have been Prepended more than 4 times:
• To set the MED on incoming routes:
• To set the MED on outgoing routes:
• To set the IGP Metric:
add chain=BGP_In disabled=no rule=”if ( dst-len >=24 ) { reject }”
add chain=BGP_In disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-weight 50; accept }”
add chain=BGP_In disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-local-pref 200; accept
}”
add chain=BGP_Out disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-path-prepend 10;
accept }”
add chain=BGP_In disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-path-peer-prepend 1;
accept }”
add chain=BGP_In disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-path-peer-prepend >
4; reject }”
add chain=BGP_In disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-med 50; accept }”
add chain=BGP_Out disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-out-med 50; accept
}”
add chain=BGP_In disabled=no rule=” if ( dst==123.123.123.0/24 ) { set bgp-igp-metric 10; accept
