[Contents] [Prev] [Next] [Index] [Report an Error]

Applying a Stateless Firewall Filter to an Interface

You can apply a stateless firewall to the input or output sides, or both, of an interface. To filter packets transiting the router, apply the firewall filter to any non-Routing Engine interface. To filter packets originating from, or destined for, the Routing Engine, apply the firewall filter to the loopback (lo0) interface.

For example, to apply a stateless firewall filter protect-RE to the input side of the Routing Engine interface, follow this procedure:

  1. Perform the configuration tasks described in Table 120.
  2. If you are finished configuring the network, commit the configuration.

Table 120: Applying a Firewall Filter to the Routing Engine Interface

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Inet level in the configuration hierarchy.

In the configuration editor hierarchy, select Interfaces>lo0> Unit>0>Family>Inet.

From the top of the configuration hierarchy, apply the filter to the interface:

set interfaces lo0 unit 0 family inet filter input protect-RE

Apply protect-RE as an input filter to the lo0 interface.
  1. Next to Filter, click Configure.
  2. In the Input box, type protect-RE.
  3. Click OK five times.

To view the configuration of the Routing Engine interface, enter the show interfaces lo0 command. For example:

user@host# show interfaces lo0
unit 0 {
family inet {
filter {
input protect-RE;
}
address 127.0.0.1/32;
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

[an error occurred while processing this directive]