[j-nsp] Re: inet forwarding-options filter in a VRF routing-instance
Sorin CONSTANTINESCU
consta at gmail.com
Sat Dec 3 13:14:05 EST 2005
On 12/3/05, Sorin CONSTANTINESCU <consta at gmail.com> wrote:
> Hi, all.
>
> I need to filter traffic from a specific source inside a vrf
> routing-instance. I have an M7i running 7.3R1.5.
>
> The problem is that i don't get any matches on any of the counters.
The main problem is not the fact that the counters don't get updated,
but that traffic with source address 1.2.3.4 isn't dropped.
Thanks.
>
> === cut here ===
> adonay at M7i> show firewall filter filter-vrf-customer
> Filter: filter-vrf-customer
> Counters:
> Name Bytes Packets
> counter-customer-deny-1.2.3.4 0 0
> counter-filter-vrf-customer-accept 0 0
>
> adonay at M7i>
> === and here ===
>
> Here's my config. Thanks,
>
> === cut here ===
> adonay at M7i# show firewall family inet filter filter-vrf-customer
> term 1 {
> from {
> source-address {
> 1.2.3.4/32;
> }
> }
> then {
> count counter-customer-deny-1.2.3.4;
> discard;
> }
> }
> term 2 {
> then {
> count counter-filter-vrf-customer-accept;
> accept;
> }
> }
>
> [edit]
> adonay at M7i#
>
>
> adonay at M7i# show routing-instances vrf-customer-internet forwarding-options
> family inet {
> filter {
> input filter-vrf-customer;
> }
> }
>
> [edit]
> adonay at M7i#
> === and here ===
>
> --
> Sorin CONSTANTINESCU
> JNCIS-M, CCNP
> consta at gmail.com
>
--
Sorin CONSTANTINESCU
JNCIS-M, CCNP
consta at gmail.com
More information about the juniper-nsp
mailing list