Apply Firewall Filters
To apply firewall filters to an interface, include the
filterstatement at the[edit interfacesinterface-nameunitlogical-unit-numberfamily (inet | inet6 | mpls)]hierarchy level:[edit interfaces]interfacesinterface-name{unitlogical-unit-number{family (inet | inet6 | mpls) {filter{groupfilter-group-number;inputfilter-name;outputfilter-name;}}}}In the
groupstatement, specify the interface group number to associate with the filter.In the
inputstatement, list the name of one firewall filter to be evaluated when packets are received on the interface.In the
outputstatement, list the name of one firewall filter to be evaluated when packets are transmitted on the interface.You can use the same filter one or more times.
If you apply the filter to the interface
lo0, it is applied to packets received or transmitted by the Routing Engine. You cannot apply MPLS filters to the management interface (fxp0) or the loopback interface (lo0).For more information about firewall filters, see the JUNOS Internet Software Configuration Guide: Policy Framework. For more information about MPLS filters, see the JUNOS Internet Software Configuration Guide: MPLS Applications.
Define Interface Groups in Firewall Filters
When applying a firewall filter, you can define an interface to be part of an interface group. Packets received on that interface are tagged as being part of the group. You can then match these packets using the
interface-groupmatch statement, as described in the JUNOS Internet Software Configuration Guide: Policy Framework.To define the interface to be part of an interface group, include the
groupstatement at the[edit interfacesinterface-nameunitlogical-unit-numberfamily (inet | inet6 | mpls) filter]hierarchy level:[edit interfaces]interfacesinterface-name{unitlogical-unit-number{family (inet | inet6 | mpls) {filter{groupfilter-group-number;}}}}