Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  Firewall filter for RE locally originate traffic

    Posted 02-29-2012 05:47

    Hi Experts

     

    How do I block the outgoing traffic that originates from the RE, like protocol hellos or ICMP that is locally originated?

    AFAIK the Protect-RE firewall is for the INPUT traffic destined for the RE itself, and the regular firewall filter is for the transit traffic.



  • 2.  RE: Firewall filter for RE locally originate traffic
    Best Answer

    Posted 02-29-2012 06:19

    Hey,

     

    1. Create a firewall filter, i.e:

    set firewall family inet filter lo0-out term block-ospf from protocol ospf 

    set firewall family inet filter lo0-out term block-ospf then discard

    set firewall family inet filter lo0-out term default then accept

    2. Apply this filter to the loopback interface (output - from RE, input - to RE), i.e:

    set interfaces lo0 unit 0 family inet filter output lo0-out

     

    My example with OSPF is a bad one, as it's better not to turn it on at all (nothing under the [protocols ospf] hierarchy) rather than filtering explicitly; however, it's only an example.

    The key is that you can always filter traffic to and from the RE (lo0 input and output, respectively). Be cautious not to filter too much though (default accept, counters in filtering terms and so on).

     

    Thanks,
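
The answer's caution (default accept, counters in the filtering terms) can be checked mechanically before a filter is applied to lo0, because a Junos filter ends in an implicit discard. The following Python check is an added example, not part of the original post and not Juniper tooling; it assumes `set`-format configuration (as printed by `show configuration | display set`) with terms listed in evaluation order, and the sample config, the counter name `lo0-out-icmp` and the filter `lo0-bad` are constructed.

```python
import re

# Constructed sample: the answer's lo0-out filter (ICMP instead of OSPF, counter
# added) plus a hypothetical filter "lo0-bad" that lacks the final accept term.
SAMPLE = """\
set firewall family inet filter lo0-out term block-icmp from protocol icmp
set firewall family inet filter lo0-out term block-icmp then count lo0-out-icmp
set firewall family inet filter lo0-out term block-icmp then discard
set firewall family inet filter lo0-out term default then accept
set firewall family inet filter lo0-bad term block-icmp from protocol icmp
set firewall family inet filter lo0-bad term block-icmp then discard
set interfaces lo0 unit 0 family inet filter output lo0-out
"""

TERM_RE = re.compile(
    r"^set firewall family inet filter (\S+) term (\S+) (from|then) (.+)$")
APPLY_RE = re.compile(
    r"^set interfaces lo0 unit \d+ family inet filter output (\S+)$")

def parse(config):
    """Return ({filter: {term: {'from': [...], 'then': [...]}}}, lo0 output filters)."""
    filters, applied = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := TERM_RE.match(line):
            name, term, kind, rest = m.groups()
            terms = filters.setdefault(name, {})  # dicts keep term order
            terms.setdefault(term, {"from": [], "then": []})[kind].append(rest)
        elif m := APPLY_RE.match(line):
            applied.append(m.group(1))
    return filters, applied

def lint(terms):
    """Return findings for one filter's ordered terms."""
    findings = []
    for term, body in terms.items():
        dropping = any(a.split()[0] in ("discard", "reject") for a in body["then"])
        counted = any(a.startswith("count ") for a in body["then"])
        if dropping and not counted:
            findings.append(f"term {term}: drops without a counter")
    last = list(terms.values())[-1]
    # A final term with match conditions, or without accept, leaves the rest
    # of the RE-originated traffic to the implicit discard.
    if last["from"] or "accept" not in last["then"]:
        findings.append("no final match-all accept term: implicit discard applies")
    return findings
```

Calling `lint(filters[name])` for each name returned in the applied list gives an empty list for a filter that follows the answer's advice.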



  • 3.  RE: Firewall filter for RE locally originate traffic

    Posted 02-29-2012 06:24

    Thank you Gniewko, I thought that the RE firewall filter also has an effect in the inbound direction, not outbound. Many thanks for the clarifications :)



  • 4.  RE: Firewall filter for RE locally originate traffic

    Posted 02-29-2012 06:30