[j-nsp] In Search of the Optimal RE Protect Filter - A Journey
Daniel Verlouw
daniel at shunoshu.net
Fri Aug 26 16:38:54 EDT 2011
On Fri, Aug 26, 2011 at 17:38, Clarke Morledge <chmorl at wm.edu> wrote:
> I would love to be proven wrong on this, but I do not think you can use
> "family any" filters on the lo0 interface.

well, it does commit on M and MX running 10.4;

    set firewall family any filter test term test then accept count counter
    set interfaces lo0 unit 0 family any filter input test
    commit

and counter immediately starts increasing;

    run show firewall filter test
    Filter: test
    Counters:
    Name                Bytes      Packets
    counter              4812           19

I'm really wondering what exactly it is matching on, is it all
"non-IP" or only some specific layer 2 (control) packets?

--Daniel.