Junos OS

last person joined: 23 hours ago 

Ask questions and share experiences about Junos OS.

  • 1.  Blocking icmp and traceroute problem

    Posted 07-23-2013 01:54

    I'm using firewall filter on loopback interface on ex series for icmp blocking. Rules are working well at the ex series But when i use the same  rules at the mx 960. Rules aren't working. Do you know any bug on mx series?

    from {
    protocol icmp;
    }
    then discard;



  • 2.  RE: Blocking icmp and traceroute problem
    Best Answer

    Posted 07-26-2013 02:18

    I fixed that with following rules

    term trace {
    from {
    protocol udp;
    ttl 1;
    }
    then {
    count trace;
    discard;
    }
    }
    term icmp-trace {
    from {
    protocol icmp;
    ttl 1;
    }
    then {
    discard;
    }
    }



  • 3.  RE: Blocking icmp and traceroute problem

    Posted 07-26-2013 02:48

    Hello,

    The TTL=1 packets are discarded on MX linecard and never reach Routing Engine hence never processed by lo0 filter.

    Also ICMP Unreachables are generated on  MX linecard too.

    HTH

    Thanks

    Alex

     



  • 4.  RE: Blocking icmp and traceroute problem

    Posted 07-26-2013 02:58

    I didn't use at the lo0 interface, so It's not problem for me 🙂



  • 5.  RE: Blocking icmp and traceroute problem

    Posted 01-08-2014 10:54

    Hello,

     

    Is it recomended to put a firewall filter on interface xe-0/0/0 to discard silently the TTL 1 traffic knwoing that it carry a 6gbit/s traffic ? are there any other way to do it ?

     

    Thank you.