protocols (Zone Host-Inbound Traffic)

protocols { protocol-name ; protocol-name <except>;}

[edit security zones security-zone zone-name host-inbound-traffic]

Statement introduced in Release 8.5 of Junos OS.

Specify the types of traffic that can reach the device for all interfaces in a zone.

protocol-name —Protocol for which traffic is allowed. The following protocols are supported:

all—Enable traffic from all possible protocols available.
bfd—Enable incoming Bidirectional Forwarding Detection (BFD) protocol traffic.
bgp—Enable incoming BGP traffic.
dvmrp—Enable incoming Distance Vector Multicast Routing Protocol (DVMRP) traffic.
igmp—Enable incoming Internet Group Management Protocol (IGMP) traffic.
ldp—Enable incoming Label Distribution Protocol (LDP) traffic (UDP and TCP port 646).
msdp—Enable incoming Multicast Source Discovery Protocol (MSDP) traffic.
nhrp—Enable incoming Next Hop Resolution Protocol (NHRP) traffic.
ospf—Enable incoming OSPF traffic.
pgm—Enable incoming Pragmatic General Multicast (PGM) protocol traffic (IP protocol number 113).
pim—Enable incoming Protocol Independent Multicast (PIM) traffic.
rip—Enable incoming RIP traffic.
router-discovery—Enable incoming router discovery traffic.
rsvp—Enable incoming Resource Reservation Protocol (RSVP) traffic (IP protocol number 46).
sap— Enable incoming Session Announcement Protocol (SAP) traffic. SAP always listens on 224.2.127.254:9875. New addresses and ports can be added dynamically. This information must be propagated to the Packet Forwarding Engine (PFE).
vrrp—Enable incoming Virtual Router Redundancy Protocol (VRRP) traffic.

except—(Optional) except can only be used if all has been defined.

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.