[j-nsp] implementing filters on all interfaces
Harry Reynolds
harry at juniper.net
Wed Apr 23 09:07:51 EDT 2003
Please note that a lo0 filter will take effect only for traffic
terminating (input) or originating output) on the local RE, i.e.,
transit traffic is unaffected.
You can use groups to apply filters to "groups" of interfaces:
[edit]
lab at r2# show groups
test {
interfaces {
<*> { <<< catches all, I suggest something more like <fe-*>,
<so-*>, etc.
unit <*> {
family inet {
filter {
input test;
}
}
}
}
}
}
[edit]
lab at r2# show interfaces fe-0/0/0 | display inheritance
unit 0 {
family inet {
##
## 'filter' was inherited from group 'test'
##
filter {
##
## 'test' was inherited from group 'test'
##
input test;
}
address 3.2.1.2/24;
}
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of
> Pekka Savola
> Sent: Wednesday, April 23, 2003 2:22 AM
> To: Adam Szymajda
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] implementing filters on all interfaces
>
>
> On Wed, 23 Apr 2003, Adam Szymajda wrote:
> > Do you know any way to implement filters on all the interfaces
> > simultaneously? I mean sth like cisco's "ip receive acl".
>
> That's not what "ip receive acl" is, AFAIR.
>
> The equivalent behaviour can be achieved using input
> filter on lo0.0
> interface, though.
>
> --
> Pekka Savola "You each name yourselves
> king, yet the
> Netcore Oy kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A
> Clash of Kings
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list