[j-nsp] Filter on lo0, MX80
Jonas Björklund
jonas at bjorklund.cn
Wed Feb 1 14:07:00 EST 2012
>> [edit firewall family inet filter admin-access]
>> user at host# show
>> term ssh-access {
>> from {
>> source-address {
>> 10.1.2.0/24;
>> }
>> protocol tcp;
>> destination-port ssh;
>> }
>> then accept;
>> }
>
> Thanks! source-address solved the problem.
However, I also need to accept OSPF and BGP.
I dont want to allow BGP on ge-1/0/0. This should be done at lo0.
But If I accept BGP on ge-1/0/0, I also need to accept it on lo0 to get it to work.
Is it possible to have different rules for incomning interface and lo0?
/Jonas
More information about the juniper-nsp
mailing list