prefix-list, prefix-list6
Use this command to add, edit, or delete prefix lists. A prefix list is an enhanced version of an access list that allows you to control the length of the prefix netmask. Prefix lists are called by routing protocols such as RIP or OSPF.
Each rule in a prefix list consists of a prefix (IP address and netmask), the action to take for this prefix (permit or deny), and maximum and minimum prefix length settings.
The FortiGate unit attempts to match a packet against the rules in a prefix list starting at the top of the list. If it finds a match for the prefix, it takes the action specified for that prefix. If no match is found, the default action is deny. A prefix-list should be used to match the default route 0.0.0.0/0.
The config router setting command uses a prefix-list to filter the displayed routes. For more information, see “setting”.
Syntax
config router prefix-list, prefix-list6
    edit <prefix_list_name>
        set comments <string>
        config rule
            edit <prefix_rule_id>
                set action {deny | permit}
                set ge <length_integer>
                set le <length_integer>
                set prefix {<address_ipv4mask> | any}
                set prefix6 {<address_ipv6mask> | any}
        end
end
The action and prefix fields are required. All other fields are optional.
| Variable | Description | Default |
|---|---|---|
| edit <prefix_list_name> | Enter a name for the prefix list. A prefix list and an access list cannot have the same name. | No default. |
| config rule variables | | |
| edit <prefix_rule_id> | Enter an entry number for the rule. The number must be an integer. | No default. |
| action {deny \| permit} | Set the action to take for this prefix. | permit |
| comments <string> | Enter a description of this access list entry. The description can be up to 127 characters long. | |
| ge <length_integer> | Match prefix lengths that are greater than or equal to this number. The setting for ge should be less than the setting for le. The setting for ge should be greater than the netmask set for prefix. length_integer can be any number from 0 to 32. | 0 |
| le <length_integer> | Match prefix lengths that are less than or equal to this number. The setting for le should be greater than the setting for ge. length_integer can be any number from 0 to 32. | 32 |
| prefix {<address_ipv4mask> \| any} | Enter the prefix (IPv4 address and netmask) for this prefix list rule or enter any to match any prefix. The length of the netmask should be less than the setting for ge. If prefix is set to any, ge and le should not be set. This variable is only available for the prefix-list command. | 0.0.0.0 0.0.0.0 |
| prefix6 {<address_ipv6mask> \| any} | Enter the prefix (IPv6 address and netmask) for this prefix list rule or enter any to match any prefix. The length of the netmask should be less than the setting for ge. If prefix6 is set to any, ge and le should not be set. This variable is only available for the prefix-list6 command. | ::/0 |
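The top-down, first-match evaluation with a default deny and the ge/le length window can be modelled offline to check which route prefixes a list would accept before it is applied. The Python below is an added example, not Fortinet code; the sample rules and the names RULES, rule_matches and evaluate are constructed. It assumes that a rule with neither ge nor le set matches only the exact prefix length, which this page does not state.

```python
import ipaddress

# Constructed sample list, in "config rule" order.
# ge/le of None means the field was left unset.
RULES = [
    {"id": 1, "action": "deny",   "prefix": "0.0.0.0/0",      "ge": None, "le": None},
    {"id": 2, "action": "permit", "prefix": "10.0.0.0/8",     "ge": 16,   "le": 24},
    {"id": 3, "action": "permit", "prefix": "192.168.0.0/16", "ge": None, "le": None},
]

def rule_matches(rule, route):
    """Return True if the route (an IPv4Network) matches one rule."""
    if rule["prefix"] == "any":
        return True
    net = ipaddress.ip_network(rule["prefix"])
    ge, le = rule["ge"], rule["le"]
    if ge is None and le is None:
        # Assumption: with ge and le unset, only the exact length matches.
        lo = hi = net.prefixlen
    else:
        # Assumption: an unset bound falls back to the rule's own prefix
        # length (lower) or the address-family maximum (upper).
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else route.max_prefixlen
    return route.subnet_of(net) and lo <= route.prefixlen <= hi

def evaluate(rules, route_text):
    """First matching rule wins; no match at all means deny."""
    route = ipaddress.ip_network(route_text)
    for rule in rules:
        if rule_matches(rule, route):
            return rule["action"], rule["id"]
    return "deny", None

if __name__ == "__main__":
    for r in ["0.0.0.0/0", "10.1.0.0/16", "10.0.0.0/8",
              "10.1.2.128/25", "192.168.1.0/24"]:
        print(r, evaluate(RULES, r))
```

A result with a rule id of None means the route fell through every rule and was rejected by the default deny, which is the case to look for when a list silently drops more than intended.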