Please find answers inline:
/So, can we say data traffic would be sent out/in only when the prefix is attahced in physical interface?/
-Yes you are correct, by attaching to physical interface we can filter (allow/deny) the traffic sent to/from prefix (soure/destination) to be filter.
Since firewall filters works/applied directly on IP packet , w.r.t trafffic prefixes will be either of source or destination in IP packet
/and route would be sent/in out only when the prefix is attached in loopback interface or bgp policy, right? /
- Again here we got to remember firewall filter works /applied on IP packet , so we can control/deny(allow/deny) control plane packets for a protocol as a whole, not for a set of prefixes.
For example , we can control(allow/deny) updates from a neighbor as whole , but we cant control filter more specific updates from a neighbor(which update to receive and which update not to receive), something we can do via policy option ( prefix-list,route-filter).
For example below example, if applied to loopback interface will accept all ospf route-updates from ospf neighbor 172.16.1.2
.But if we want to allow only 10/8 network prefixes from a specific neighbor say 172.16.1.2 , we cant do this via firewall filter.
Remember here 172.16.1.2 is the source address field of IP packet
set firewall family inet filter OSPF_FILTER term OSPF_NEIGHBOR from source-address 172.16.1.2/32
set firewall family inet filter OSPF_FILTER term OSPF_NEIGHBOR from protocol ospf
set firewall family inet filter OSPF_FILTER term OSPF_NEIGHBOR then accept
Hope this clarifies.
Please mark this as accepted solution , if it answers your query