R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

331

332

333

334

335

336

337

338

339

340

313

[Sysname] ospf 100

[Sysname-ospf-100] area 1

[Sysname-ospf-100-area-0.0.0.1] filter ip-prefix my-prefix-list import

[Sysname-ospf-100-area-0.0.0.1] filter 2000 export

filter-policy export (OSPF view)

Syntax

filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol [ process-id ] ]

undo filter-policy export [ protocol [ process-id ] ]

View

OSPF view

Default level

2: System level

Parameters

acl-number: Number of an ACL used to filter redistributed routes, in the range of 2000 to 3999.

ip-prefix-name: Name of an IP prefix list used to filter redistributed routes, a string of up to 19 characters.

protocol: Specifies a protocol from which to filter redistributed routes. The protocol can be bgp, direct,

isis, rip, ospf, or static. If no protocol is specified, all redistributed routes are filtered.

process-id: Process ID, which is required when the protocol is isis, ospf, or rip, in the range of 1 to

65535.

Description

Use filter-policy export to configure the filtering of redistributed routes.

Use undo filter-policy export to disable the filtering.

By default, the filtering of redistributed routes is not configured.

The following matrix shows the argument and firewall compatibility:

ument F1000-A-EI/S-EI

F1000-E

F5000 Firewall module

protocol

Yes.

Excludes isis.

Yes.

Excludes isis.

Yes.

Includes isis.

Yes.

Excludes isis.

You can use this command to filter redistributed routes as needed.

If you want to reference an advanced ACL (with a number from 3000 to 3999) in the command, the ACL

should be configured with the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard

command to deny/permit a route with the specified destination, or with the rule [ rule-id ] { deny |

permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command to deny/permit

a route with the specified destination and mask. The source keyword specifies the destination address of

a route and the destination keyword specifies the subnet mask of the route (the subnet mask must be valid;

otherwise, the configuration is ineffective).

Related commands: import-route.

Examples

# Filter redistributed routes using ACL2000.