Filtering BGP Peers

If BGP is configured, we recommend using a firewall filter to restrict BGP connections to configured BGP peers.

This example firewall filter limits all TCP connection attempts to port 179, the BGP port, from all addresses except the configured BGP peers. The filter is applied to the loopback lo0 interface as an input filter, and rejects (silently discards) any packets that are not valid.

Note: This firewall filter is only an example; do not copy the addressing specifics and use them on an actual system.

Configure the policy options and firewall filter:

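[edit firewall]
filter bgp_179 {
    /* Packets that match no term are discarded by the filter's implicit default. */
    term one {
        from {
            /* Configured BGP peer (example address only). */
            source-address {
                172.17.12.1/32;
            }
            /* Match TCP so that destination-port is only evaluated against TCP packets. */
            protocol tcp;
            destination-port 179;
        }
        then accept;
    }
}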

Apply the input filter to lo0:

[edit interfaces lo0 unit 0 family inet]
filter {
    input bgp_179;
}
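
One way to check that the filter stays in step with the configured BGP peers, as an added example (not Juniper's code): it reads configuration in `show configuration | display set` form and reports peers the filter does not accept, accepted sources with no matching peer, and whether the filter is applied to lo0. The sample input, the group name `ext`, the second neighbor and the 192.0.2.0/24 prefix are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in "display set" form; addresses are illustrative only.
SAMPLE = """\
set protocols bgp group ext neighbor 172.17.12.1
set protocols bgp group ext neighbor 172.17.13.1
set firewall filter bgp_179 term one from source-address 172.17.12.1/32
set firewall filter bgp_179 term one from source-address 192.0.2.0/24
set firewall filter bgp_179 term one from protocol tcp
set firewall filter bgp_179 term one from destination-port 179
set firewall filter bgp_179 term one then accept
set interfaces lo0 unit 0 family inet filter input bgp_179
"""


def audit(config, filter_name="bgp_179"):
    """Compare configured BGP neighbors with the sources the filter accepts."""
    f = re.escape(filter_name)
    term = rf"^set firewall filter {f} term (\S+) "

    peers = {ipaddress.ip_address(a) for a in re.findall(
        r"^set protocols bgp group \S+ neighbor (\S+)", config, re.M)}

    # Only terms that both match the BGP port and end in "then accept" count.
    accepting = set(re.findall(term + r"then accept$", config, re.M))
    bgp_port = set(re.findall(term + r"from destination-port (?:179|bgp)$",
                              config, re.M))

    # The trailing "$" skips "source-address <prefix> except" entries.
    allowed = [ipaddress.ip_network(prefix, strict=False)
               for name, prefix in re.findall(
                   term + r"from source-address (\S+)$", config, re.M)
               if name in accepting & bgp_port]

    applied = re.search(
        rf"^set interfaces lo0 unit \d+ family inet filter input {f}$",
        config, re.M)

    return {
        "applied_to_lo0": bool(applied),
        "peers_not_allowed": sorted(
            str(p) for p in peers if not any(p in n for n in allowed)),
        "sources_without_peer": sorted(
            str(n) for n in allowed if not any(p in n for p in peers)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A peer listed under `peers_not_allowed` cannot establish a session once the filter is active, and a prefix under `sources_without_peer` is wider than the configured peers require.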

You can also configure MD5 authentication for BGP. For more information on BGP authentication, see the Junos Routing Protocols Configuration Guide.