Overview

You set up a forwarding table filter in essentially the same way a firewall filter: you define it, then you apply it. However, you apply the filters differently:

• Instead of applying a forwarding table filter to an interface, you apply it to a forwarding table, which is associated with a routing instance and a virtual private network (VPN).
• Instead of applying input and output firewall filters, by default, you can apply an input forwarding table filter only.

All packets are subjected to the input forwarding table filter that applies to the forwarding table. A forwarding table filter controls which packets the router accepts and performs a forwarding table lookup for, thereby controlling which packets the router forwards on the interfaces.

When the router receives a packet, it determines where to forward the packet by looking in a forwarding table, which is associated with the VPN on which the packet will be sent, for the best route to the destination. The router then forwards the packet toward its destination through the appropriate interface.

NOTE: Forwarding table filtering is not supported on the interfaces you configure as tunnel sources. This affects only the transit packets exiting the tunnel.