Configuring Inbound Route Filters for IPv4 OSPFv2 in Gaia Clish

Important - In a Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.

OSPF inbound route filters only apply to OSPF ASE routes.

Intra-area and inter-area OSPF routes are always installed.

The default behavior is to accept all OSPF ASE routes.

To see the available "set" commands for IPv4 Inbound Route Filters, enter in Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).:

set inbound-route-filter[Esc][Esc]

To see the configured IPv4 Inbound Route Filters, enter in Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Clish:

show configuration inbound-route-filter

Syntax

set inbound-route-filter ospf2 [instance <OSPF Instance Number>]

accept-all-ipv4

rank {<0-255> | default}

restrict-all-ipv4

route <IPv4 Address>/<Mask Length>

accept

between <Start IPv4 Mask Length> and <End IPv4 Mask Length> on

between <Start IPv4 Mask Length> and <End IPv4 Mask Length> restrict on

exact on

exact restrict on

normal on

normal restrict on

off

rank {<0-255> | default}

refines on

refines restrict on

Parameters

Parameter	Description
`set inbound-route-filter ospf2 [instance <OSPF Instance Number>]`	Configures the IPv4 OSPFv2 Import Policy (for the specified OSPF instance).
`accept-all-ipv4`	Accepts all IPv4 routes that match this filter, except those route that are explicitly restricted by a more specific rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.. Accepting routes is the default behavior, unless the "restrict" option is configured.
`rank {<0-255> \| default}`	Assigns a rank to all incoming routes that match this filter, except those that match a more specific rule with a different rank configured. Range: 0-255, or default Default: The protocol rank configured for "`OSPFASE`". Run the "`show protocol-rank`" command.
`restrict-all-ipv4`	Rejects all IPv4 routes that match this filter, except those that match a more specific filter that is set to "accept".
`route <IPv4 Address>/<Mask Length>`	Configures import policy for a specific network. Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255]) / [0-32] Default: None
`route <IPv4 Address>/<Mask Length> accept`	Accepts this route.
`route <IPv4 Address>/<IPv4 Mask Length> between <Start IPv4 Mask Length> and <End IPv4 Mask Length> on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Accepts any route with prefix equal to the specified network, whose mask length falls within a particular range.
`route <IPv4 Address>/<IPv4 Mask Length> between <Start IPv4 Mask Length> and <End IPv4 Mask Length> restrict on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Rejects all routes that match this policy rule, except those that match a more specific filter that is set to "accept".
`route <IPv4 Address>/<Mask Length> exact on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Accepts only routes with prefix and mask length exactly equal to the specified network.
`route <IPv4 Address>/<Mask Length> exact restrict on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Rejects all routes that match this policy rule, except those that match a more specific filter that is set to "accept".
`route <IPv4 Address>/<Mask Length> normal on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Accepts any route equal to or contained within the specified network.
`route <IPv4 Address>/<Mask Length> normal restrict on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Rejects all routes that match this policy rule, except those that match a more specific filter that is set to "accept".
`route <IPv4 Address>/<Mask Length> off`	Removes this address filter from this import policy.
`route <IPv4 Address>/<Mask Length> rank {<0-255> \| default}`	Assigns a rank to all incoming routes that match this filter, except those that match a more specific rule with a different rank configured. Range: 0-255, or default Default: The protocol rank configured for "`OSPFASE`". Run the "`show protocol-rank`" command.
`route <IPv4 Address>/<Mask Length> refines on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Matches routes contained within the specified network, but only more specific (for example, with a greater mask length).
`route <IPv4 Address>/<Mask Length> refines restrict on`	There are different mechanisms, by which routes can be matched against the configured subnet. A match type must be configured following the subnet. Rejects all routes that match this policy rule, except those that match a more specific filter that is set to "accept".