This example firewall filter finds frames with a certain source MAC address (88:05:00:29:3c:de/48), then counts and silently discards them. For more information about configuring firewall filter match conditions, see the JUNOS Policy Framework Configuration Guide. The filter is applied to the VLAN configured as vlan100200 as an input filter on Router 1.
Router 1
Configure the firewall filter:
    [edit firewall]
    family bridge {
        filter evil-mac-address {
            term one {
                from {
                    source-mac-address 88:05:00:29:3c:de/48;
                }
                then {
                    count evil-mac-address; # Counts frames with the bad source MAC address
                    discard;
                }
            }
            term two {
                then accept; # Make sure to accept other traffic
            }
        }
    }
Apply to Virtual Switch
Apply as an input filter to vlan100200 on Router 1:
    [edit routing-instances virtual-switch-R1-1]
    bridge-domains {
        vlan100200 {
            domain-type bridge;
            forwarding-options {
                filter {
                    input evil-mac-address;
                }
            }
        }
    }
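Term two matters because a Junos firewall filter evaluates terms in order, stops at the first match, and discards any frame that matches no term. The Python model below is an added example, not Juniper code and not part of the original page; it replays constructed source MAC addresses through the two terms, and its function names and sample frames are assumptions made for illustration.

```python
# Simplified model of first-match term evaluation (illustration only, not Junos code).
from collections import Counter

def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff (any case) to a 48-bit integer."""
    octets = [int(o, 16) for o in mac.split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int.from_bytes(bytes(octets), "big")

def mac_matches(mac, prefix):
    """True if mac falls inside prefix, written as address/length (0-48)."""
    addr, _, length = prefix.partition("/")
    bits = int(length) if length else 48
    if not 0 <= bits <= 48:
        raise ValueError(f"bad prefix length: {prefix!r}")
    mask = ((1 << bits) - 1) << (48 - bits)
    return (mac_to_int(mac) & mask) == (mac_to_int(addr) & mask)

# The filter from the page: term one counts and discards, term two accepts.
EVIL_MAC_FILTER = [
    {"name": "one", "source_mac": "88:05:00:29:3c:de/48",
     "count": "evil-mac-address", "action": "discard"},
    {"name": "two", "source_mac": None, "count": None, "action": "accept"},
]

def evaluate(terms, src_mac, counters):
    """Return (action, term name) for one frame; the first matching term wins."""
    for term in terms:
        if term["source_mac"] is None or mac_matches(src_mac, term["source_mac"]):
            if term["count"]:
                counters[term["count"]] += 1
            return term["action"], term["name"]
    # No term matched: the filter ends with an implicit discard.
    return "discard", "implicit"

def run(terms, frames):
    """Evaluate each frame's source MAC; return the verdicts and the counters."""
    counters = Counter()
    verdicts = [evaluate(terms, mac, counters)[0] for mac in frames]
    return verdicts, dict(counters)

# Constructed sample source MACs (not captured traffic).
FRAMES = ["88:05:00:29:3c:de", "00:11:22:33:44:55", "88:05:00:29:3C:DE"]

if __name__ == "__main__":
    print(run(EVIL_MAC_FILTER, FRAMES))      # both terms present
    print(run(EVIL_MAC_FILTER[:1], FRAMES))  # term two removed
```

With term two removed, the counter is unchanged but every frame on the VLAN is discarded, which is the outage the "accept other traffic" comment guards against.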