 |
Note: This firewall filter is only an example; do not copy the addressing specifics and use them on an actual system. |
If BGP is configured, we recommend using a firewall filter to restrict BGP connections to configured BGP peers.
This example firewall filter limits all TCP connection attempts to port 179 , the BGP port, from all addresses except the configured BGP peers. The filter is applied to the loopback lo0 interface as an inut filter, and rejects (silently discards) any packets that are not valid.
|
Note: This firewall filter is only an example; do not copy the addressing specifics and use them on an actual system. |
Configure the policy options and firewall filter:
- [edit policy-options]
- prefix-list bgp179 {
- apply-path “protocol bgp group <*> neighbor <*>;
- }
- }
- [edit firewall family inet]
- filter BGP-179 {
- term one {
-
- from {
-
- source-address {
- 0.0.0.0/0;
- }
-
- source-prefix-list {
- bgp179 except;
- }
- destination-port bgp;
- }
- then reject;
- }
- term two
-
- then {
-
- then accept
- }
- }
Apply the input filter to lo0;
- [edit interfaces lo0 unit 0 family inet]
- filter {
- input BGP-179;
- }
You can also configure MD5 authentication for BGP. For more information on BGP authentication, see JUNOS Routing Protocols Configuration Guide.
 | Copyright © 2008, Juniper Networks, Inc. All Rights Reserved. Trademark Notice. | |