Fortinet FortiGate 4000 User Manual

RIP configuration 
FortiGate-4000 Installation and Configuration Guide
Adding RIP filters
Use the Filter page to create RIP filter lists and assign RIP filter lists to the neighbors 
filter, incoming route filter, or outgoing route filter. The neighbors filter allows or denies 
updates from other routers. The incoming filter accepts or rejects routes in an 
incoming RIP update packet. The outgoing filter allows or denies adding routes to 
outgoing RIP update packets.
Each entry in a RIP filter list consists of a prefix (IP address and netmask), the action 
RIP should take for this prefix (allow or deny), and the interface to which to apply this 
RIP filter list entry. When RIP applies a filter while processing an update packet, it 
starts at the top of the filter list and works down through the list looking for a matching 
prefix. If RIP finds a matching prefix, it then checks that the interface in the filter list 
entry matches the interface that the packet is received or sent on. If both prefix and 
interface match, RIP takes the action specified. If no match is found, the default action 
is allow. 
• For the neighbors filter, RIP attempts to match prefixes in the filter list against the 
source address in the update packet. 
• For the incoming filter, RIP attempts to match prefixes in the filter list against 
prefixes in the routing table entries in the update packet. 
• For the outgoing filter, RIP attempts to match prefixes in the filter list against 
prefixes in the RIP routing table. 
You can add up to four RIP filter lists to the FortiGate RIP configuration. You can then 
select one RIP filter list for each RIP filter type: neighbors, incoming routes, outgoing 
routes. If you do not select a RIP filter list for any of the RIP filter types, no filtering is 
applied.
This section describes:
Adding a RIP filter list
Each entry in a RIP filter list consists of a prefix (IP address and netmask), the action 
RIP should take for this prefix (allow or deny), and the interface to which to apply this 
RIP filter list entry.
To add a RIP filter list
1. Go to System > RIP > Filter.
2. Select New to add a RIP filter.
Note: To block all updates not specifically allowed in a filter list, create an entry at the bottom of 
the filter list with a prefix with 0.0.0.0 for the IP address, 0.0.0.0 for the netmask, and action set 
to deny. Because RIP uses the first match it finds in a top down search of the filter list, all the 
allowed entries are matched first, and all other entries for the specified interface are matched by 
the last entry and denied. Create a separate entry at the bottom of the filter list for each 
interface for which you want to deny all updates not specifically allowed.
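The first-match evaluation and the deny-all entry from the note can be modelled as follows. This is an added example, not FortiGate code: the `evaluate` function, the interface names and the sample prefixes are constructed, and it assumes that an entry matches when the candidate falls inside the entry's prefix and that RIP keeps searching when the prefix matches but the interface does not.

```python
import ipaddress

def evaluate(filter_list, candidate, interface):
    """Return 'allow' or 'deny' for a candidate prefix or source address.

    filter_list is an ordered list of (prefix, action, interface) entries,
    searched from the top down; the first entry whose prefix and interface
    both match decides the action.
    """
    cand = ipaddress.ip_network(candidate, strict=False)
    for prefix, action, iface in filter_list:
        net = ipaddress.ip_network(prefix)
        # Assumption: "matching prefix" means the candidate lies inside net.
        if cand.subnet_of(net) and iface == interface:
            return action
    return "allow"  # default action when no entry matches

# Constructed sample: only one prefix is meant to be accepted on "internal".
ALLOW_ONLY = [
    ("10.1.0.0/255.255.0.0", "allow", "internal"),
]

# Same list with the deny-all entry from the note, for "internal" only.
WITH_DENY_ALL = ALLOW_ONLY + [
    ("0.0.0.0/0.0.0.0", "deny", "internal"),
]

def demo():
    """Collect the decisions that show why the deny-all entry is needed."""
    return {
        # Without a deny-all entry, an unlisted route falls through to allow.
        "unlisted_no_catchall": evaluate(ALLOW_ONLY, "172.16.5.0/24", "internal"),
        # With it, listed routes still match first and everything else is denied.
        "listed": evaluate(WITH_DENY_ALL, "10.1.2.0/24", "internal"),
        "unlisted": evaluate(WITH_DENY_ALL, "172.16.5.0/24", "internal"),
        # The deny-all entry is per interface: "external" has none, so allow.
        "other_interface": evaluate(WITH_DENY_ALL, "172.16.5.0/24", "external"),
        # Neighbors filter case: the candidate is the update's source address.
        "neighbor_source": evaluate(WITH_DENY_ALL, "192.168.7.1", "internal"),
    }

if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

The `other_interface` result is the case the note warns about: a list that ends with a deny-all entry for one interface still allows every unlisted update on any interface without its own deny-all entry.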