02-29-2012 05:47 AM
How do I block outgoing traffic that originates from the RE, like protocol hellos or locally originated ICMP?
AFAIK the Protect-RE firewall is for the INPUT traffic destined for the RE itself, and the regular firewall filter is for the transit traffic.
02-29-2012 06:18 AM
1. Create a firewall filter, i.e:
set firewall family inet filter lo0-out term block-ospf from protocol ospf
set firewall family inet filter lo0-out term block-ospf then discard
set firewall family inet filter lo0-out term default then accept
2. Apply this filter to the loopback interface (output - from RE, input - to RE), i.e:
set interfaces lo0 unit 0 family inet filter output lo0-out
My example with OSPF is a bad one, though, as it's better not to turn it on at all (nothing under the [protocols ospf] hierarchy) rather than filtering it explicitly; however, it's only an example.
The key is that you can always filter traffic to and from the RE (lo0 input and output, respectively). Be cautious not to filter too much though (default accept, counters in filtering terms and so on).
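The cautions in the answer above (default accept, counters in the filtering terms), written out as an added example that is not part of the original post. The counter names, the extra ICMP term and the choice of ICMP type are assumptions made for illustration; `commit confirmed` is used so the change rolls back on its own if the filter cuts off something the RE needs.

```junos
# Constructed example: term names, counter names and the ICMP type are placeholders.
# Each discard term carries its own counter so hits are visible after commit.
set firewall family inet filter lo0-out term block-ospf from protocol ospf
set firewall family inet filter lo0-out term block-ospf then count lo0-out-ospf
set firewall family inet filter lo0-out term block-ospf then discard

# Match one ICMP type only, not all ICMP, so ping and traceroute
# issued from the RE keep working.
set firewall family inet filter lo0-out term block-icmp-unreach from protocol icmp
set firewall family inet filter lo0-out term block-icmp-unreach from icmp-type unreachable
set firewall family inet filter lo0-out term block-icmp-unreach then count lo0-out-icmp-unreach
set firewall family inet filter lo0-out term block-icmp-unreach then discard

# A filter ends in an implicit discard, so the final accept term is what
# keeps routing protocols, SSH, SNMP and NTP replies leaving the RE.
set firewall family inet filter lo0-out term default then count lo0-out-accepted
set firewall family inet filter lo0-out term default then accept

# Output direction on lo0 = traffic originated by the RE.
set interfaces lo0 unit 0 family inet filter output lo0-out

# Activate with automatic rollback after 5 minutes unless confirmed.
commit confirmed 5

# Check which terms are matching before making the change permanent.
run show firewall filter lo0-out

# Confirm once management access and adjacencies are verified.
commit
```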
02-29-2012 06:24 AM
Thank you Gniewko, I thought that the RE firewall filter has effect in the inbound direction, not outbound. Many thanks for the clarifications.
02-29-2012 06:30 AM
Here you have a better explanation: http://www.juniper.net/techpubs/software/junos/junos94/swconfig-policy/applying-firewall-filters-to-...