[Contents] [Prev] [Next] [Index] [Report an Error]

Applying a Stateless Firewall Filter to an Interface

You can apply a stateless firewall to the input or output sides, or both, of an interface. To filter packets transiting the router, apply the firewall filter to any non-Routing Engine interface. To filter packets originating from, or destined for, the Routing Engine, apply the firewall filter to the loopback (lo0) interface.

For example, to apply the firewall filter protect-RE to the input side of the Routing Engine interface, follow this procedure:

  1. Perform the configuration tasks described in Table 85.
  2. If you are finished configuring the router, commit the configuration.

Table 85: Applying a Firewall Filter to the Routing Engine Interface

Navigate to the Inet level in the configuration hierarchy.

In the configuration editor hierarchy, select Interfaces>lo0> Unit>0>Family>Inet.

From the top of the configuration hierarchy, apply the filter to the interface:

set interfaces lo0 unit 0 family inet filter input protect-RE

Apply protect-RE as an input filter to the lo0 interface.
  1. Next to Filter, click Configure.
  2. In the Input box, type protect-RE.
  3. Click OK five times.

To view the configuration of the Routing Engine interface, enter the show interfaces lo0 command. For example:

user@host# show interfaces lo0
unit 0 {
family inet {
filter {
input protect-RE;
}
address 127.0.0.1/32;
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

[an error occurred while processing this directive]