Wondering if any of you fine folks could help me with this. I want to create a firewall filter and attach it to the Internet edge of an IRB interface. Below is the syntax. I'm running 12.3R6.6 if it matters.
The filter does 2 simple things: allows traffic in from two source networks (term 100), and allows ping from behind the router out to the Internet (term 101).
I apply the 'set family inet filter input Internet-Filter' to the interface.
The weird thing is term 100 works, term 101 doesn't. I tried attaching it to the output queue. I've tried splitting them up into an input and an output filter. I've tried a lot of things. It almost seems like it only takes the first term in the filter. If I remove the filters everything works in all directions, which is bad. Please, help your fellow nerd.
filter Internet-Filter {
    /* Inbound TCP 8080-8085 from the two partner /16s to the two hosts */
    term 100 {
        from {
            source-address {
                8.8.0.0/16;
                4.4.0.0/16;
            }
            destination-address {
                1XX.XX.50.131/32;
                1XX.XX.50.130/32;
            }
            protocol tcp;
            destination-port [ 8080-8085 ];
        }
        then accept;
    }
    /* ICMP from the inside /24 out to anywhere */
    term 101 {
        from {
            source-address {
                1XX.XX.50.0/24;
            }
            destination-address {
                0.0.0.0/0;
            }
            protocol icmp;
        }
        then accept;
    }
}
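As an added example (not from the original post, and not Juniper's own code), here is one way to express the intent described above as a pair of stateless filters. Junos firewall filters do not track state and every filter ends in an implicit discard, so replies to pings sent from the inside must be accepted explicitly by the input filter, and the web servers' replies by the output filter, or the reverse direction is silently dropped. The example assumes the IRB's input direction sees Internet-sourced packets (consistent with term 100 matching), that the IRB unit is 0, and keeps the post's redacted 1XX.XX addresses; the filter, term and counter names are made up for illustration.

```junos
firewall {
    family inet {
        /* Assumed: input on the Internet-facing IRB sees packets arriving from the Internet */
        filter Internet-In {
            term allow-web-from-partners {
                from {
                    source-address {
                        8.8.0.0/16;
                        4.4.0.0/16;
                    }
                    destination-address {
                        1XX.XX.50.131/32;
                        1XX.XX.50.130/32;
                    }
                    protocol tcp;
                    destination-port 8080-8085;
                }
                then {
                    count web-from-partners;
                    accept;
                }
            }
            /* Return traffic for pings sent from inside; the filter never saw the echo-request */
            term allow-ping-replies {
                from {
                    destination-address {
                        1XX.XX.50.0/24;
                    }
                    protocol icmp;
                    icmp-type [ echo-reply time-exceeded unreachable ];
                }
                then {
                    count ping-replies;
                    accept;
                }
            }
            /* Make the implicit discard explicit and countable so drops are visible */
            term deny-rest {
                then {
                    count denied-in;
                    discard;
                }
            }
        }
        /* Assumed: output on the same IRB sees packets leaving toward the Internet */
        filter Internet-Out {
            term allow-ping-out {
                from {
                    source-address {
                        1XX.XX.50.0/24;
                    }
                    protocol icmp;
                    icmp-type echo-request;
                }
                then accept;
            }
            /* Replies from the two servers back to the partner networks */
            term allow-web-replies {
                from {
                    source-address {
                        1XX.XX.50.131/32;
                        1XX.XX.50.130/32;
                    }
                    destination-address {
                        8.8.0.0/16;
                        4.4.0.0/16;
                    }
                    protocol tcp;
                    source-port 8080-8085;
                }
                then accept;
            }
            term deny-rest {
                then {
                    count denied-out;
                    discard;
                }
            }
        }
    }
}
interfaces {
    irb {
        unit 0 {
            family inet {
                filter {
                    input Internet-In;
                    output Internet-Out;
                }
            }
        }
    }
}
```

After committing, ping from an inside host and watch `show firewall filter Internet-In`: if `ping-replies` climbs the return path is accepted; if `denied-in` climbs instead, the replies are arriving but not matching, which is the same silent drop that the original single input filter produces, since its term 101 can only match packets sourced from the inside /24 and never an echo-reply coming back from the Internet.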