[j-nsp] J-Series: filtering only RE-bound traffic?

Jonathan Lassoff jof at thejof.com
Wed Sep 15 20:41:24 EDT 2010


I'm trying to setup some filtering on my loopback and WAN interfaces
to only filter RE-bound traffic.

I'm doing this by applying a "filter input" term to the iff-level
(interface xxx unit xxx family [inet/inet6]), but this filter seems to
also catch traffic being forwarded from the WAN interfaces, so the
filter is affecting downstream traffic as well.

On platforms I've used in the past (M and MX -- "real" PFEs), these
filter terms only catch locally-bound traffic and not things
transiting the router. Is there a way to do some sort of similar
classification on J-series as well?

I have my box configured with the included "router" mode template
(packet-based forwarding, all interfaces in a trusted security zone,
etc.)

Cheers,
jof


More information about the juniper-nsp mailing list