<html> <!-- Public Release 3 $Id: filter.html,v 1.3 1998/11/15 22:03:14 skh Exp $ ------------------------------------------------------------------------ Copyright (c) 1996, 1997 The Regents of the University of Michigan All Rights Reserved Royalty-free licenses to redistribute GateD Release 3 in whole or in part may be obtained by writing to: Merit GateDaemon Project 4251 Plymouth Road, Suite C Ann Arbor, MI 48105 THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE UNIVERSITY OF MICHIGAN AND MERIT DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the University of Michigan and Merit shall not be liable for any special, indirect, incidental or consequential damages with respect to any claim by Licensee or any third party arising from use of the software. GateDaemon was originated and developed through release 3.0 by Cornell University and its collaborators. Please forward bug fixes, enhancements and questions to the gated mailing list: gated-people@gated.merit.edu. ------------------------------------------------------------------------ Copyright (c) 1990,1991,1992,1993,1994,1995 by Cornell University. All rights reserved. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. GateD is based on Kirton's EGP, UC Berkeley's routing daemon (routed), and DCN's HELLO routing Protocol. Development of GateD has been supported in part by the National Science Foundation. ------------------------------------------------------------------------ Portions of this software may fall under the following copyrights: Copyright (c) 1988 Regents of the University of California. 
All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -->
<head> <TITLE>GateD Configuration Guide - Routing Filtering</TITLE> </head>
<body>
<H1>Route Filtering</H1>
Routes are filtered by specifying configuration language that will match a certain set of routes by destination, or by destination and mask. Among other places, route filters are used on <code>martians</code>, <code>import</code> and <code>export</code> statements.
<p> The action taken when no match is found depends on the context; for instance, <code>import</code> and <code>export</code> route filters assume an <code>all reject ;</code> at the end of a list.
<p> A route will match the most specific filter that applies. Specifying more than one filter with the same destination, mask and modifiers will generate an error.
<hr>
<h2>Filtering syntax</h2>
<pre>
<var>network</var> [ <strong>exact</strong> | <strong>refines</strong> ]
<var>network</var> <strong>mask</strong> <var>mask</var> [ <strong>exact</strong> | <strong>refines</strong> ]
<var>network</var> <strong>masklen</strong> <var>number</var> [ <strong>exact</strong> | <strong>refines</strong> ]
<strong>all</strong>
<strong>default</strong>
<strong>host</strong> <var>host</var>
</pre>
These are all the possible formats for a route filter.
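<p> The matching rules this page gives for these filter forms (no modifier, <code>exact</code>, <code>refines</code>, most specific filter wins, implicit <code>all reject ;</code> on import and export lists), modelled in Python as an added example; it is not GateD code. The names <code>RouteFilter</code> and <code>decide</code>, the sample filter list, and reading "most specific" as "longest filter mask" are assumptions.

```python
import ipaddress
from dataclasses import dataclass

def natural_masklen(addr):
    """Classful (natural) mask length for a class A, B or C network."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24

@dataclass(frozen=True)
class RouteFilter:                      # hypothetical name, not a GateD type
    network: str
    masklen: int
    modifier: str = ""                  # "", "exact" or "refines"
    action: str = "accept"

    def matches(self, dest, dest_len):
        net = ipaddress.ip_network(f"{self.network}/{self.masklen}")
        if ipaddress.IPv4Address(dest) not in net:
            return False                # address outside the filter's range
        if self.modifier == "exact":
            return dest_len == self.masklen
        if self.modifier == "refines":
            return dest_len > self.masklen
        return True                     # no modifier: destination mask ignored

def decide(filters, dest, dest_len, fallthrough="reject"):
    """Action of the most specific matching filter, else the context default."""
    keys = [(f.network, f.masklen, f.modifier) for f in filters]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate filter: same destination, mask and modifiers")
    hits = [f for f in filters if f.matches(dest, dest_len)]
    if not hits:
        return fallthrough              # import/export lists end in "all reject ;"
    # Assumption: "most specific" = longest filter mask; ties keep list order.
    return max(hits, key=lambda f: f.masklen).action

# Constructed import-style list: take the 10/8 aggregate only, but allow
# one delegated block, 10.20/16, with all of its subnets and hosts.
FILTERS = [
    RouteFilter("10.0.0.0", natural_masklen("10.0.0.0"), "exact"),
    RouteFilter("10.0.0.0", 8, "refines", "reject"),
    RouteFilter("10.20.0.0", 16),
]

if __name__ == "__main__":
    for dest, n in [("10.0.0.0", 8), ("10.1.0.0", 16), ("10.20.3.0", 24),
                    ("192.0.2.0", 24)]:
        print(f"{dest}/{n}: {decide(FILTERS, dest, n)}")
```

<p>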
Not all of these formats are available in all places; for instance, the <code>host</code> and <code>default</code> formats are not valid for <code>martians</code>.
<p> In most cases it is possible to specify additional parameters relevant to the context of the filter. For example, on a <code>martian</code> statement it is possible to specify the <code>allow</code> keyword, on an <code>import</code> statement you can specify a preference, and on an <code>export</code> you can specify a metric.
<dl>
<dt> <var>network</var> [ <strong>exact</strong> | <strong>refines</strong> ]
<dt> <var>network</var> <strong>mask</strong> <var>mask</var> [ <strong>exact</strong> | <strong>refines</strong> ]
<dt> <var>network</var> <strong>masklen</strong> <var>number</var> [ <strong>exact</strong> | <strong>refines</strong> ]
<dd> Matching usually requires both an address and a mask, although the mask is implied in the shorthand forms listed below. These three forms vary in how the mask is specified. In the first form, the mask is implied to be the <a href="glossary.html#natural_mask">natural mask</a> of the network. In the second, the mask is explicitly specified. In the third, the mask is specified by the number of contiguous one bits.
<p> If no additional parameters are specified, any destination that falls in the range given by the network and mask is matched; the mask of the destination is ignored. If a <em>natural</em> network is specified, the network, any subnets, and any hosts will be matched. The two optional modifiers cause the mask of the destination to be considered also:
<dl>
<dt> <strong>exact</strong>
<dd> This parameter specifies that the mask of the destination must match the supplied mask <em>exactly</em>. This is used to match a network, but no subnets or hosts of that network.
<dt> <strong>refines</strong>
<dd> Specifies that the mask of the destination must be more specific (i.e. longer) than the filter mask.
This is used to match subnets and/or hosts of a network, but not the network. </dl> <dt> <strong>all</strong> <dd> This entry matches anything. It is equivalent to: <pre> <strong>0.0.0.0 mask 0.0.0.0</strong> </pre> <dt> <strong>default</strong> <dd> Matches the <strong>default</strong> route. To match, the address must be the default address and the mask must be all zeros. This is equivalent to: <pre> <strong>0.0.0.0 mask 0.0.0.0 exact</strong> </pre> <dt> <strong>host</strong> <var>host</var> <dd> Matches the specific host. To match, the address must exactly match the specified <var>host</var> and the network mask must be a host mask (i.e. all ones). This is equivalent to: <pre> <var>host</var> <strong>mask 255.255.255.255 exact</strong> </pre> </dl> <hr> Last updated 1994/03/16 21:38:19. <p><ADDRESS>gated@gated.cornell.edu</ADDRESS> </body> </html>