[j-nsp] EX4650 - loopback filter - ospf

Chriztoffer ch at ntrv.dk
Tue Mar 21 08:07:17 EDT 2023


On Tue, 21 Mar 2023 at 10:29, Laurent CARON via juniper-nsp
<juniper-nsp at puck.nether.net> wrote:
> set firewall family inet filter filter-management term accept-ospf from protocol ospf
> set firewall family inet filter filter-management term accept-ospf then count filter-management-accept-ospf
> set firewall family inet filter filter-management term accept-ospf then log
> set firewall family inet filter filter-management term accept-ospf then syslog
> set firewall family inet filter filter-management term accept-ospf then accept
> set firewall family inet filter filter-management term accept-ospf-igmp from destination-prefix-list ospf-routers
> set firewall family inet filter filter-management term accept-ospf-igmp from protocol igmp
> set firewall family inet filter filter-management term accept-ospf-igmp then count filter-management-accept-ospf-igmp
> set firewall family inet filter filter-management term accept-ospf-igmp then accept
>
>
> If my filter stops here (implicit discard), ospf sessions previously
> established eventually fail.
>
> If the last term is a default accept, OSPF is working fine.

https://www.juniper.net/documentation/us/en/software/junos/interfaces-adaptive-services/topics/ref/statement/destination-prefix-list-edit-services-stateful-firewall.html

https://www.juniper.net/documentation/us/en/software/junos/interfaces-adaptive-services/topics/ref/statement/source-prefix-list-edit-services-stateful-firewall.html

Is the prefix list "ospf-routers" intended to match against source
and/or destination IPv4/v6 addresses in the particular RE_FILTER rule?


