Example: Blocking TCP Connections to a Certain Port Except from BGP Peers

Block all TCP connection attempts to port 179 from every source except the configured BGP peers. In term 1 all match conditions are ANDed: `source-address 0.0.0.0/0` matches every source, `source-prefix-list bgp179 except` removes the peer addresses from that match, and the protocol and port conditions narrow it to BGP session attempts. Term 2 accepts everything else; without it, the implicit discard at the end of every Junos firewall filter would drop all other traffic arriving on the interface:

[edit]
firewall {
    family inet {
        filter bgp179 {
            term 1 {
                from {
                    source-address {
                        0.0.0.0/0;
                    }
                    source-prefix-list {
                        bgp179 except;
                    }
                    /* Without a protocol match, the port match would also apply to UDP datagrams to port 179 */
                    protocol tcp;
                    destination-port bgp;
                }
                then {
                    reject;
                }
            }
            term 2 {
                then {
                    accept;
                }
            }
        }
    }
}

Define the prefix list bgp179 so that it expands automatically to the addresses of all configured BGP neighbors; the `<*>` wildcards in the apply-path match every BGP group and every neighbor within it, so newly configured peers are picked up without editing the filter:

[edit policy-options]
prefix-list bgp179 {
    apply-path "protocols bgp group <*> neighbor <*>";
}

Apply filter bgp179 as an input filter on the loopback interface lo0, where it is evaluated against traffic destined for the Routing Engine itself:

[edit interfaces lo0]
root@hostname# show
unit 0 {
    family inet {
        filter {
            input bgp179;
        }
        address 10.0.0.1/32;
    }
}
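The following Python model, added here as an illustration and not part of the Junos documentation, reproduces the evaluation semantics of the bgp179 filter: ANDed match conditions within a term, the `except` qualifier on the prefix list, first-match term ordering, and the implicit discard that applies when no term matches. The peer addresses stand in for the apply-path expansion and are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for what apply-path "protocols bgp group <*> neighbor <*>"
# would expand to: the addresses of the configured BGP neighbors.
BGP_PEERS = ["192.0.2.10/32", "192.0.2.11/32", "198.51.100.0/24"]

BGP_PORT = 179  # destination-port bgp


@dataclass
class Packet:
    """Minimal view of a packet arriving on lo0 (constructed for the model)."""
    src: str
    protocol: str   # "tcp" or "udp"
    dst_port: int


def matches_term1(pkt: Packet, peers) -> bool:
    """Term 1 of filter bgp179. All conditions in a Junos 'from' clause must hold.

    source-address 0.0.0.0/0      -> every source matches
    source-prefix-list bgp179 except -> minus the BGP peer addresses
    protocol tcp                  -> only TCP
    destination-port bgp          -> only port 179
    """
    src = ipaddress.ip_address(pkt.src)
    in_any_source = src in ipaddress.ip_network("0.0.0.0/0")
    in_peer_list = any(src in ipaddress.ip_network(p) for p in peers)
    return (in_any_source
            and not in_peer_list          # the 'except' qualifier
            and pkt.protocol == "tcp"
            and pkt.dst_port == BGP_PORT)


def evaluate_filter(pkt: Packet, peers=BGP_PEERS, include_term2: bool = True) -> str:
    """Evaluate the filter: the first term whose conditions match decides the action."""
    if matches_term1(pkt, peers):
        return "reject"               # term 1: then reject
    if include_term2:
        return "accept"               # term 2: unconditional accept
    return "discard"                  # Junos implicit discard when no term matches


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "tcp", 179),   # non-peer BGP attempt
        Packet("192.0.2.10", "tcp", 179),    # configured peer
        Packet("203.0.113.5", "udp", 179),   # UDP to 179, not a TCP connection
        Packet("203.0.113.5", "tcp", 22),    # unrelated traffic
    ]
    for p in samples:
        print(p, "->", evaluate_filter(p))
    # Show why term 2 matters: the same SSH packet with only term 1 present
    print("ssh without term 2 ->", evaluate_filter(samples[3], include_term2=False))
```

Running the model with `include_term2=False` makes the point of term 2 concrete: with only the reject term configured, every packet that is not a non-peer BGP attempt falls through to the implicit discard, which on lo0 would cut off all other management and control-plane traffic to the Routing Engine.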