This
topic explains how to configure a firewall filter to discard IPv6
packets that contain a mobility extension header. This feature is
supported only on MPCs in MX Series routers.
- Create the stateless firewall filter.
[edit]
user@host# edit firewall family inet6 filter filter-name
For example:
[edit]
user@host# edit firewall family inet6 filter drop-mobility
- Configure a term to discard all traffic that contains
a mobility extension header.
[edit firewall family inet6 filter drop-mobility]
user@host# set term term1 from extension-header mobility
user@host# set term term1 then discard
- Configure a term to accept all other traffic.
[edit firewall family inet6 filter drop-mobility]
user@host# set term term2 then accept
- Apply the firewall filter to a logical interface.
[edit interfaces ge-1/2/10 unit 0 family inet6]
user@host# set filter input drop-mobility