[j-nsp] Filter on lo0, MX80
Jonas Björklund
jonas at bjorklund.cn
Mon Jan 30 00:50:19 EST 2012
Hello,
I'm trying a basic filter to deny traffic to lo0.
SSH, OSPF and ICMP are allowed.
It doesn't work; it allows all traffic.
The same filter works on a ge-interface.
ge-1/0/0 {
    unit 0 {
        family inet {
            filter {
                input admin-access;
            }
            address 10.1.1.1/29;
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            filter {
                input admin-access;
            }
            address 10.2.1.1/32;
        }
    }
}
firewall {
    family inet {
        filter admin-access {
            term ssh-access {
                from {
                    address {
                        10.1.2.0/24;
                    }
                }
                then accept;
            }
            term icmp {
                from {
                    protocol icmp;
                }
                then accept;
            }
            term ospf {
                from {
                    protocol ospf;
                }
                then accept;
            }
            term deny {
                then {
                    reject;
                }
            }
        }
    }
}
Any ideas?
/Jonas