Contributor
ralwarrag
Posts: 130
Registered: ‎09-21-2010
Accepted Solution

Firewall filter for RE locally originate traffic

Hi Experts

 

How do I block the outgoing traffic that originates from the RE, like the protocols' hellos or ICMP that is locally originated?

AFAIK the Protect-RE firewall is for the INPUT traffic destined for the RE itself, and the regular firewall filter is for the transit traffic.

BR,
Trusted Contributor
Gniewko
Posts: 67
Registered: ‎04-14-2008

Re: Firewall filter for RE locally originate traffic

Hey,

 

1. Create a firewall filter, i.e:

set firewall family inet filter lo0-out term block-ospf from protocol ospf 

set firewall family inet filter lo0-out term block-ospf then discard

set firewall family inet filter lo0-out term default then accept

2. Apply this filter to the loopback interface (output - from RE, input - to RE), i.e:

set interfaces lo0 unit 0 family inet filter output lo0-out

 

My example with OSPF is a bad one, as it's better not to turn it on at all (nothing under the [protocols ospf] hierarchy) rather than filtering explicitly; however, it's only an example.

The key is that you can always filter traffic to and from the RE (lo0 input and output, respectively). Be cautious not to filter too much though (default accept, counters in filtering terms and so on).

 

Thanks,
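
The cautions in the answer above (default accept, counters in the filtering terms), shown as an added example that is not part of the original post. The ICMP term, the term names and the counter names are assumptions chosen for illustration; the `#` lines are annotations.

```junos
# Constructed example: drop RE-originated ICMP echo replies, count them,
# and accept (and count) everything else the RE sends.
set firewall family inet filter lo0-out term block-icmp-reply from protocol icmp
set firewall family inet filter lo0-out term block-icmp-reply from icmp-type echo-reply
set firewall family inet filter lo0-out term block-icmp-reply then count lo0-out-icmp-reply
set firewall family inet filter lo0-out term block-icmp-reply then discard

# Explicit final accept: without it the filter's implicit last action is discard,
# which would drop routing protocol hellos and management replies from the RE.
set firewall family inet filter lo0-out term default then count lo0-out-accepted
set firewall family inet filter lo0-out term default then accept

# Output direction on lo0 = traffic originated by the RE.
set interfaces lo0 unit 0 family inet filter output lo0-out

# Commit with automatic rollback after 5 minutes in case the filter
# cuts off the management session.
commit confirmed 5

# Check that only the intended counter is incrementing, then make the commit permanent.
run show firewall filter lo0-out
commit
```

If the discard counter grows faster than expected, or adjacencies drop during the confirmation window, let the rollback timer expire instead of issuing the second `commit`.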

Contributor
ralwarrag
Posts: 130
Registered: ‎09-21-2010

Re: Firewall filter for RE locally originate traffic

Thank you Gniewko, I thought that the RE firewall filter also has effect in the inbound direction, not outbound. Many thanks for the clarifications :)

BR,