Hi Tristan

This is documented in the man page.

    prefix address/len
    prefix address/len prefixlen range
    prefix address/len or-longer

Currently, you cannot remove "prefixlen" from the specific attached
"prefix". The way that '{}' is implemented cannot split full
parameters, even if the results would be syntactically correct.

I do agree this isn't very intuitive. We'll be looking at the syntax in
the near future.

-peter

On 2017 May 10 (Wed) at 19:00:50 +0200 (+0200), Tristan Pilat wrote:
:Hi OpenBSD team,
:
:I'm facing an odd syntax error in bgpd.conf.
:
:# sysctl -n kern.version
:OpenBSD 6.1 (GENERIC.MP) #4: Sat May 6 09:33:37 CEST 2017
:    [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
:
:# bgpd -vnf /etc/bgpd.conf
:/etc/bgpd.conf:251: syntax error
:
:# cat -n /etc/bgpd.conf
:[…]
:250 deny to 192.0.2.1
:251 allow to 192.0.2.1 prefix { 203.0.113.0/24, 198.51.100.0/24 } prefixlen <= 24
:[…]
:
:But if I substitute the line containing brackets for two lines, it's alright.
:
:deny to 192.0.2.1
:allow to 192.0.2.1 prefix 198.51.100.0/24 prefixlen <= 24
:allow to 192.0.2.1 prefix 203.0.113.0/24 prefixlen <= 24
:
:The man page however specifies:
:
:prefix address/len or-longer
: This rule applies only to UPDATES for the specified prefix.
:
: Multiple entries may be specified, separated by commas or
: whitespace, if enclosed in curly brackets:
:
: deny from any prefix { 192.168.0.0/16, 10.0.0.0/8 or-longer }
:
:Am I missing something here?
:
:Regards,
:--
:Tristan
:
--
The right to revolt has sources deep in our history.
-- Supreme Court Justice William O. Douglas
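
The workaround from the thread (one rule per prefix, each carrying its own qualifier) can be generated mechanically. This is an added example, not part of the original messages and not OpenBSD code; the function name `expand_prefix_set` is hypothetical, and it assumes every address/len token contains a `/` and that anything after the closing brace applies to every prefix in the set.

```python
import re

# Constructed helper (hypothetical name): rewrites a bgpd.conf filter rule whose
# qualifier trails a '{ ... }' prefix set into one rule per prefix.
_RULE = re.compile(r"^(?P<head>.*?\bprefix)\s*\{(?P<body>[^{}]*)\}\s*(?P<tail>.*)$")
_QUALIFIERS = ("prefixlen", "or-longer")


def expand_prefix_set(rule):
    """Return the rule as a list of single-prefix rules, qualifier attached to each."""
    rule = rule.strip()
    m = _RULE.match(rule)
    if m is None:
        return [rule]                      # no brace set: nothing to rewrite
    head, tail = m.group("head"), m.group("tail").split()

    # Entries may be separated by commas or whitespace. Assumption: a token
    # containing '/' starts a new address/len entry; the tokens that follow it
    # (or-longer, prefixlen <= 24, ...) are that entry's own qualifier.
    entries = []
    for tok in m.group("body").replace(",", " ").split():
        if "/" in tok:
            entries.append([tok])
        elif entries:
            entries[-1].append(tok)
        else:
            raise ValueError("qualifier before the first prefix: %r" % tok)
    if not entries:
        raise ValueError("empty prefix set")

    rules = []
    for entry in entries:
        if len(entry) > 1 and tail and tail[0] in _QUALIFIERS:
            raise ValueError("%s has its own qualifier and a trailing one" % entry[0])
        rules.append(" ".join([head] + entry + tail))
    return rules


if __name__ == "__main__":
    # Sample lines constructed from the rules quoted in the thread.
    sample = [
        "deny to 192.0.2.1",
        "allow to 192.0.2.1 prefix { 203.0.113.0/24, 198.51.100.0/24 } prefixlen <= 24",
        "deny from any prefix { 192.168.0.0/16, 10.0.0.0/8 or-longer }",
    ]
    for line in sample:
        for out in expand_prefix_set(line):
            print(out)
```

Check the generated rules with `bgpd -vnf` before loading them, as in the original report.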