[j-nsp] Preventing router from giving up it's IP in traceroutes

[Phil Rosenthal]

Is there any reliable non-kludge way of making the juniper not send out
time-exceeded responses, or doing it from a consistently incorrect address?

# show firewall filter route-engine-out
term no-expire-out {
    from {
        icmp-type time-exceeded;
    }
    then discard;
}
term allow-rest {
    then accept;
}

[edit]

Applying this as an outbound filter on lo0 seems to have no effect.
I could put a filter on all interfaces, but this seems to be too much work
to maintain...

--Phil
ISPrime