Bug #9619
closed
FRR - Prefix Lists
0%
Description
PFSense 2.4.4_3
frr 0.5.2
Reproduce:
Services->FRR->Global Settings->Prefix Lists
Add new Prefix List
Name: Test
Description: Test
Sequence: 10
Action: Allow
Network: 0.0.0.0
Sequence: 20
Action: Deny
Network: any
Save
Expected Outcome:
Creates a Prefix List wich denies any Prefix except an default route (0.0.0.0).
Outcome:
Produces an UI Input Error:
"The following input errors were detected:
Network in row 0 must be a subnet.
Network in row 1 must be a subnet."
This seems to be an UI Bug only as previously created Lists seemed to work directly after the Update,
although those couldnt be edited due to the error. Now on my BGP Neighbour the previously working default route
won't get installed.
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Not a Bug
- Priority changed from Very High to Normal
The first rule is wrong because a prefix list must contain prefixes, thus it should be 0.0.0.0/0. The second line is wrong because it's unnecessary. There is an implicit deny, so there is no need to make your own.
Updated by Jarek Nowak over 4 years ago
Jim Pingle wrote:
The first rule is wrong because a prefix list must contain prefixes, thus it should be
0.0.0.0/0. The second line is wrong because it's unnecessary. There is an implicit deny, so there is no need to make your own.
You didnt get it right.
The rules don't really matter.
Also i did not ask for you validating my rules, if so your answer would be wrong because allowing 0.0.0.0/0 should, and hopefully will allow ANY route to be permitted, which is not what was intended by that rule, what you couldn't know, b/c you didn't ask, which is good because it was not my question.
so i ask you kindly: please tell me how to use the documented "any" keyword in the rules, if this os not a bug.
thank you
Updated by Jim Pingle over 4 years ago
Jarek Nowak wrote:
Also i did not ask for you validating my rules, if so your answer would be wrong because allowing 0.0.0.0/0 should, and hopefully will allow ANY route to be permitted,
Prefix lists require a CIDR prefix, which you didn't specify. Exactly which routes are allowed by that mechanism in a prefix list depends on the exact prefix given and the values of ge/le, which you also didn't specify. For example, "0.0.0.0/0 le 32" will match anything, while "0.0.0.0/0" means the default route only, it will not match networks with other masks.
so i ask you kindly: please tell me how to use the documented "any" keyword in the rules, if this os not a bug.
The latest version of the package allows "any" in that field, but again, in your example it was unnecessary, thus not relevant.
I worked with the information I was given. This site is not for support or diagnostic discussion, so attempting to diagnose why you were doing what you claimed is out of scope, I only looked at the error messages and the suggested input that led to them. If you want to discuss it in more detail, start a thread on the forum.
Updated by Jarek Nowak over 4 years ago
thank you for your willingness to find out what i could have meant,
but really my problem was:
i really could not use the any keyword in no rule, which i could have done before upgrading to PFSense 2.4.4_3.
after upgrading frr to 6.2 i could use it again, thank you.
for my next report ill try to invent more realistic examples ;)