Related
Documentation
Filter-Based Forwarding for Routing Instances
Copyright © 2017, Juniper Networks, Inc.
Broadcast packets
IP option packets
NOTE:
Though policer action can be attached to looback filters in ingress
direction, behavior will be dependent on CPU RX queue configurations. Rate
limiting in ingress direction (through policer configuration) will be sub-set of
CPU rate limiters.
The following is a sample configuration for attaching a firewall to the loopback interface:
[edit interfaces]
lo0 {
unit 0 {
family <inet | inet6> {
filter {
input f1;
}
}
}
}
family <inet | inet6>{
filter f1 {
interface-specific; >> Mandatory Field.
term t1 {
from {
protocol ospf;
}
then {
count c1;
discard;
}
}
term t2 {
then {
count c2;
accept;
}
}
}
}
You can use stateless firewall filters in routing instances to control how packets travel
in a network for IPv4 and IPv6 traffic. This is called filter-based forwarding.
You can define a firewall filtering term that directs matching packets to a specified routing
instance. This type of filtering can be configured to route specific types of traffic through
Chapter 32: Configuring Firewall Filters
1081