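Configure unicast RPF in strict mode, and apply a fail filter so that the interface still accepts BOOTP and DHCP packets that fail the RPF check. The filter accepts all packets with a source address of 0.0.0.0 and a destination address of 255.255.255.255. Because the match is on addresses only, with no protocol or port condition, any packet carrying these addresses is accepted by the fail filter, not only BOOTP and DHCP; every other packet that fails the RPF check is logged and rejected.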
- [edit firewall]
- /* Fail filter: referenced by "rpf-check fail-filter" on so-0/0/0, so it is applied to packets that fail the unicast RPF check. */
- filter rpf-special-case-dhcp-bootp {
-
- /* Accept packets sourced from 0.0.0.0 and addressed to the limited broadcast address 255.255.255.255. */
- term allow-dhcp-bootp {
-
- /* NOTE(review): the match below has no protocol or port condition, so it is not limited to BOOTP/DHCP (UDP 67/68); consider adding one if only that traffic should bypass the RPF check. */
- from {
-
- source-address {
- 0.0.0.0/32;
- }
-
- /* "address" matches either the source or the destination field; with the source pinned to 0.0.0.0 above, this effectively matches destination 255.255.255.255. */
- address {
- 255.255.255.255/32;
- }
- }
-
- /* Count each matching packet in counter rpf-dhcp-bootp-traffic, then let it through. */
- then {
- count rpf-dhcp-bootp-traffic;
- accept;
- }
- }
-
- /* No "from" clause: this term matches every remaining packet that reached the fail filter. */
- term default {
-
- /* NOTE(review): "reject" answers with an ICMP unreachable sent to the packet's source, which for RPF failures may be spoofed; "discard" drops silently. Confirm which is intended. */
- then {
- log;
- reject;
- }
- }
- }
- [edit]
- interfaces {
-
- so-0/0/0 {
-
- unit 0 {
-
- family inet {
- /* Enables unicast RPF for IPv4 on this unit; no "mode loose" is given, so strict mode (the default) applies. Packets that fail the check are evaluated by filter rpf-special-case-dhcp-bootp, defined under [edit firewall]. */
- rpf-check fail-filter rpf-special-case-dhcp-bootp;
- }
- }
- }
- }