Example: Blocking TCP Connections to a Certain Port Except from BGP Peers
Block all TCP connection attempts to port 179 from all requesters except the specified BGP peers:
[edit]
firewall {
    family inet {
        filter bgp179 {
            term 1 {
                from {
                    source-address {
                        0.0.0.0/0;
                    }
                    source-prefix-list {
                        bgp179 except;
                    }
                    destination-port bgp;
                }
                then {
                    reject;
                }
            }
            term 2 {
                then {
                    accept;
                }
            }
        }
    }
}
Define the prefix list bgp179 with apply-path so that it expands automatically to the addresses of all configured BGP neighbors in every group (a neighbor added later is picked up without changing the filter):
[edit policy-options]
prefix-list bgp179 {
    apply-path "protocols bgp group <*> neighbor <*>";
}
Apply the filter bgp179 as an input filter on the loopback interface lo0, so that it is evaluated for traffic destined to the Routing Engine:
[edit interfaces lo0]
unit 0 {
    family inet {
        filter {
            input bgp179;
        }
        address 10.0.0.1/32;
    }
}
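The following Python model of the two filter terms is an added example, not part of the page or of Junos; the peer addresses in BGP179_PREFIX_LIST are constructed sample values standing in for what apply-path would expand to. It shows the longest-match rule behind `0.0.0.0/0` plus `bgp179 except`, and why the `0.0.0.0/0` entry is needed for the term to match anything at all.

```python
import ipaddress

# Constructed sample data (not from the page): the expanded prefix list bgp179,
# as apply-path would build it from two configured BGP neighbors.
BGP179_PREFIX_LIST = ["192.0.2.1/32", "198.51.100.7/32"]


def longest_match(addr, entries):
    """entries: list of (prefix, is_except). Return the is_except flag of the
    longest prefix containing addr, or None when no prefix contains it.
    This mirrors the longest-match rule Junos applies to prefix matches."""
    best = None
    for prefix, is_except in entries:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, is_except)
    return None if best is None else best[1]


def filter_bgp179(src, dst_port, peers=BGP179_PREFIX_LIST, include_any=True):
    """Evaluate filter bgp179 for one TCP packet and return 'reject' or 'accept'.
    include_any=False models a term with only the 'except' list and no
    source-address 0.0.0.0/0, which matches no source at all."""
    addr = ipaddress.ip_address(src)
    # term 1: source-address 0.0.0.0/0 (match) and source-prefix-list bgp179 except
    entries = [(p, True) for p in peers]
    if include_any:
        entries.append(("0.0.0.0/0", False))
    src_matches = longest_match(addr, entries) is False  # None or True: no match
    if src_matches and dst_port == 179:  # destination-port bgp
        return "reject"
    # term 2 has no from clause, so every other packet is accepted
    return "accept"
```

Calling filter_bgp179 with a non-peer source and port 179 returns "reject", while a configured peer or any other destination port returns "accept".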
