[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Configure Unicast RPF

Configure unicast RPF strict mode, and apply a fail filter that allows the interface to accept BOOTP packets and DHCP packets. The filter accepts all packets with a source address of 0.0.0.0 and a destination address of 255.255.255.255.

[edit firewall]

filter rpf-special-case-dhcp-bootp {

    term allow-dhcp-bootp {

        from {

            source-address {

                0.0.0.0/32;

            destination-address {

                255.255.255.255/32;

        then {

            count rpf-dhcp-bootp-traffic;

            accept;

    term default {

        then {

            log;

            reject;

[edit]

interfaces {

    so-0/0/0 {

        unit 0 {

            family inet {

                rpf-check fail-filter rpf-special-case-dhcp-bootp;

[Contents] [Prev] [Next] [Index] [Report an Error]