[Contents] [Prev] [Next] [Index] [Report an Error]

Applying a Stateless Firewall Filter to an Interface

You can apply a stateless firewall to the input or output sides, or both, of an interface. To filter packets transiting the device, apply the firewall filter to any non-Routing Engine interface. To filter packets originating from, or destined for, the Routing Engine, apply the firewall filter to the loopback (lo0) interface.

For example, to apply the firewall filter protect-RE to the input side of the Routing Engine interface, follow this procedure:

  1. Perform the configuration tasks described in Table 173.
  2. If you are finished configuring the router, commit the configuration.

Table 173: Applying a Firewall Filter to the Routing Engine Interface

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Inet level in the configuration hierarchy.

(See the interface naming conventions in Network Interface Naming.)
  1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
  2. Next to Interfaces, click Configure or Edit.
  3. Under Interface name, click lo0.
  4. Under Interface unit number, click 0.
  5. Under Family, make sure the Inet check box is selected, and click Configure or Edit.

From the [edit] hierarchy level, apply the filter to the interface:

set interfaces lo0 unit 0 family inet filter input protect-RE

Apply protect-RE as an input filter to the lo0 interface.
  1. Next to Filter, click Configure.
  2. In the Input box, type protect-RE.
  3. Click OK five times.

To view the configuration of the Routing Engine interface, enter the show interfaces lo0 command. For example:

user@host# show interfaces lo0
unit 0 {
family inet {
filter {
input protect-RE;
}
address 127.0.0.1/32;
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.