Hi,
Is there a way in the GUI of the FRR plugin or in the CLI to prevent OSPF from injecting a default route to a specific OSPF neighbor?
Thank you,
Nicolas
Uncheck the box?
https://docs.opnsense.org/manual/how-tos/dynamicrouting_ospf.html
Regards,
S.
Or create a prefix list where you deny the default route and apply it to the specific neighbor.
Regards,
S.
Hi Seimus,
In the CLI of the FRR plugin, that option is not present, it seems.
I made a prefix list:
OSPF: ip prefix-list DEFAULT_ROUTE: 1 entries
seq 1 deny 0.0.0.0/0
but when I try to apply this list to the neighbor:
opnsense.srvnic.com(config-router)# neighbor 9.9.9.9
<cr>
poll-interval Dead Neighbor Polling interval
priority Neighbor Priority
opnsense.srvnic.com(config-router)# neighbor 9.9.9.9
There is no option to apply the list on the neighbor.
Am I missing something?
Thank you,
Nicolas
It's applied depending on the design of OSPF, either under area or interface. But first tell me two things:
1. Are you having P2P OSPF or DR/BDR design?
2. Why are you doing it on OPNsense via CLI and not via GUI?
Regards,
S.
Hi Seimus,
The neighbor in question is functioning with a network type Point to Point in area 1.1.1.1. In the GUI, I don't see a way to exclude the default route to a specific neighbor. That's why I tried in the CLI.
Thank you,
Nick
I see,
Well, do it via the GUI. You can apply a prefix-list via the Networks tab: you choose the network you want and there is the option to set it. Inbound for receiving prefixes, Outbound for advertisement.
Btw, this will not work:
OSPF: ip prefix-list DEFAULT_ROUTE: 1 entries
seq 1 deny 0.0.0.0/0
A prefix-list has an explicit deny, which means it will block everything; you need a second entry in that prefix-list to allow everything else:
ip prefix-list DEFAULT_ROUTE seq 1 deny 0.0.0.0/0
ip prefix-list DEFAULT_ROUTE seq 2 permit 0.0.0.0/0 le 32
Regards,
S.
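Added example, not part of the thread: a small Python model of prefix-list evaluation, run on the one-entry and two-entry DEFAULT_ROUTE lists from the post above. It assumes FRR's documented matching rules (an entry without ge/le matches only that exact prefix length, the first matching entry in sequence order wins, and a route that matches no entry is denied); the function names and sample routes are constructed for illustration.

```python
import ipaddress

# Entries are (seq, action, prefix, ge, le). Both lists mirror the post above.
ONE_ENTRY = [(1, "deny", "0.0.0.0/0", None, None)]
TWO_ENTRY = [
    (1, "deny", "0.0.0.0/0", None, None),
    (2, "permit", "0.0.0.0/0", None, 32),
]

# Constructed sample routes: the default route plus two ordinary prefixes.
SAMPLE_ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "192.168.1.0/24"]


def entry_matches(route, prefix, ge=None, le=None):
    """Return True if `route` matches a single prefix-list entry."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = prefix.prefixlen  # no ge/le: exact prefix length only
    else:
        lo = ge if ge is not None else prefix.prefixlen
        hi = le if le is not None else route.max_prefixlen
    # The route must sit inside the entry's prefix and its length must be in range.
    return route.subnet_of(prefix) and lo <= route.prefixlen <= hi


def evaluate(plist, route):
    """Walk entries in sequence order; the first match decides."""
    for _seq, action, prefix, ge, le in sorted(plist, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"  # nothing matched: the route is denied


def compare():
    """Map each sample route to (one-entry result, two-entry result)."""
    return {r: (evaluate(ONE_ENTRY, r), evaluate(TWO_ENTRY, r))
            for r in SAMPLE_ROUTES}


if __name__ == "__main__":
    for route, (one, two) in compare().items():
        print(f"{route:<16} one-entry={one:<6} two-entry={two}")
```

The deny entry on its own only ever matches 0.0.0.0/0 exactly; the other routes are dropped by the list's final deny, which is why the `le 32` permit entry is needed.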
Hi Seimus,
Thanks for your latest answer. I did what you recommended, but I'm getting an error in the network tab.
2025-01-08T16:37:12-05:00 Error ospfd [SHWNK-NWT5S][EC 100663304] Command returned Warning Config Failed on config line 32: network 10.0.0.0/8 area 1.1.1.1
!
router ospf
ospf router-id 1.1.1.1
log-adjacency-changes
area 1.1.1.1 filter-list prefix test in
area 1.1.1.1 filter-list prefix test out
default-information originate metric 1
exit
!
!
ip prefix-list test seq 10 deny 0.0.0.0/0
ip prefix-list test seq 20 permit 0.0.0.0/0 le 32
!
end
!
interface ipsec1
ip ospf area 1.1.1.1
ip ospf network point-to-point
exit
!
It is still sending the default route to the neighbor in area 1.1.1.1.
What am I missing here?
Thank you,
Nick
The error
2025-01-08T16:37:12-05:00 Error ospfd [SHWNK-NWT5S][EC 100663304] Command returned Warning Config Failed on config line 32: network 10.0.0.0/8 area 1.1.1.1
is most likely related to the filled-in network field; try leaving it blank, don't fill it, and see if it makes any difference. I think the first two fields in this section, including network, are not used anymore and are obsolete.
Otherwise the commands that were configured into FRR look good per the official docs:
area 1.1.1.1 filter-list prefix test in
area 1.1.1.1 filter-list prefix test out
Just keep in mind that this is used for filtering Type-3 summary-LSAs to/from an area using prefix lists, so it's usable in ABR only.
If this is not Type-3 LSA then you have only 1 valid option.
Filtering prefixes between AREAs:
1. prefix-list
Used for filtering Type-3 summary-LSAs to/from an area using prefix lists, so it's usable in ABR only.
2. Route-map
But this is used in conjunction with redistribution, which you are not running. This makes sense only in ASBR.
3. distribute-list out
distribute-list NAME out <kernel|connected|static|rip|isis|bgp|eigrp|nhrp|table|vnc|babel|openfabric>
Apply the access-list filter, NAME, to redistributed routes of the given type before allowing the routes to be redistributed into OSPF
But this is used in conjunction with redistribution, which you are not running. This makes sense only in ASBR.

Advertisement of default route:
1. General > Untick Advertise Default Gateway (this will disable default-information originate metric 1)
Basically, because you have this one enabled, you see the default route being advertised.

Controlling prefixes installed in a uRIB - locally significant:
1. If your neighbor device is CISCO, use distribute-list in on the CISCO router to exclude a route from being installed into the uRIB.

As this is OSPF, you cannot prevent an advertisement of a prefix/route to a specific neighbor, because we advertise and control prefixes in an AREA, not in a neighborship.
Only the Option 3 is locally significant per the Router implemented. With Option 3 you can control what routes should be installed from OSPF database into uRIB, which means the routes still will be advertised with OSPF LSA but just not installed on the specific router having the specific distribute-list implementation.
Regards,
S.