[j-nsp] Filter on lo0, MX80

Per Granath per.granath at gcc.com.cy
Thu Feb 2 02:38:45 EST 2012


> However, I also need to accept OSPF and BGP.
> 
> I don't want to allow BGP on ge-1/0/0. This should be done at lo0.
> 
> But if I accept BGP on ge-1/0/0, I also need to accept it on lo0 to get it to work.
> 
> Is it possible to have different rules for incoming interface and lo0?

BGP is a TCP connection to your routing engine, so the rule for that session only needs to be on the lo0 interface.

Whatever is on your "ge" interface would typically be for transit traffic - and not traffic to the router itself.

For BGP, use a new 'term' with a 'from' (which really is an "if" statement):

'source-address' of your peer
'protocol tcp'
'port bgp'
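
The term described above, written out as a complete Junos filter applied as an input filter on lo0. This is an added example, not part of the original message; the filter name `protect-re`, the term names, the peer address 192.0.2.1 and the final discard term are assumptions.

```junos
firewall {
    family inet {
        filter protect-re {
            /* BGP: only from the configured peer (constructed address) */
            term accept-bgp {
                from {
                    source-address {
                        192.0.2.1/32;
                    }
                    protocol tcp;
                    /* 'port' matches source OR destination port, so this
                       covers sessions opened by either side */
                    port bgp;
                }
                then accept;
            }
            /* OSPF is its own IP protocol, not TCP or UDP */
            term accept-ospf {
                from {
                    protocol ospf;
                }
                then accept;
            }
            /* Assumed policy: drop everything else sent to the
               routing engine; add terms for SSH, SNMP etc. above this */
            term discard-rest {
                then discard;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    /* input on lo0 = traffic destined to the RE,
                       whichever physical interface it arrived on */
                    input protect-re;
                }
            }
        }
    }
}
```

Loading this with `commit confirmed` lets the router roll back by itself if the filter cuts off management access.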




