Community discussions

MikroTik App
 
troy
Member
Member
Topic Author
Posts: 314
Joined: Thu Jun 30, 2005 6:47 pm

7.5 filter rule shenanigans

Wed Sep 21, 2022 4:57 pm

Not sure if this is ROS7 or just CHR, but what's going on?

I'm working on filter rules for BGP (transit, customer, peer, internal, etc), and from time to time, it all goes to hell when I re-order the rules. Issuing a bunch of /undo commands usually fixes it, but sometimes, the CPU goes to100% and locks me out, forcing me to reset the VM (running on QEMU in GNS3). This time, it gets even more fun. As I moved 2 rules, they both got corrupted. One got completely clobbered and I can't even remove it now?

/routing filter rule
add chain=Transit.out comment="AdvertisL\B3\040L\B3\040Routes" disabled=no rule=\
    "if ((chain Local || bgp-communities equal-list Local) && dst-len in  21-24) { accept; }"
add disabled=no
add chain=Transit.in disabled=no rule="set bgp-communities Transit; set comment Transit;"
add chain=Transit.in disabled=no rule="if (dst == 0.0.0.0/0) { accept; }"
Note the comment in the first rule. It should read "Advertise Local Routes," but it got clobbered from a move command. I was able to remove all the other rules, but the one empty rule remains and does not want to be taken out!
[admin@ISP.100] /routing/filter/rule> exp
# sep/21/2022 13:44:00 by RouterOS 7.5
# software id =
#
/routing filter rule
add disabled=no
[admin@ISP.100] /routing/filter/rule> pr
Flags: X - disabled, I - inactive
 0 I
[admin@ISP.100] /routing/filter/rule> rem 0
no such item (4)
[admin@ISP.100] /routing/filter/rule>
[admin@ISP.100] /routing/filter/rule> set 0 rule=accept
no such item (4)
[admin@ISP.100] /routing/filter/rule>
Oddly enough, I can add and remove another rule with disabled=no as the only thing it has.

After a reboot, most (but not all) of the rules I removed came back, but the one stubborn rule did not.

Who is online

Users browsing this forum: No registered users and 8 guests