[j-nsp] when does egress firewall affect the RE generated packets?

Martin T m4rtntns at gmail.com
Tue Feb 5 11:27:11 EST 2019


Hi,

Let's say that I apply the following firewall on the ge-0/0/8.0 interface in
the "output" direction:

root@vmx1> show configuration firewall family inet6
filter discard_v6 {
    term discard_v6 {
        then {
            count discard_v6;
            discard;
        }
    }
}

root@vmx1>

This breaks neighbor discovery. However, to my surprise, the router was
able to send out, for example, VRRPv3 advertisements on that interface.
Is there some general rule for when the egress firewall on a data-plane
interface affects RE-generated packets?


Thanks,
Martin

