Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring a Filter to Accept OSPF Packets from a Prefix

Requirements

No special configuration beyond device initialization is required before configuring this example.

Overview

In this example, you create a filter that accepts only OSPF packets from an address in the prefix 10.108.0.0/16, discarding all other packets with an administratively-prohibited ICMP message

Configuration

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

To configure this example, perform the following tasks:

• Configure the Stateless Firewall Filter
• Apply the Firewall Filter to the Loopback Interface
• Confirm and Commit Your Candidate Configuration

CLI Quick Configuration

Configure the Stateless Firewall Filter

Step-by-Step Procedure

1. Create the filter.

   [edit]user@host# edit firewall family inet filter ospf_filter

2. Configure the term that accepts packets.

   [edit firewall family inet filter ospf_filter]user@host# set term term1 from source-address 10.108.0.0/16 user@host# set term term1 from protocol ospf user@host# set term term1 then accept

3. Configure the term that rejects all other packets.

   [edit firewall family inet filter ospf_filter]user@host# set term default_term then reject administratively-prohibited

Apply the Firewall Filter to the Loopback Interface

Step-by-Step Procedure

1. Configure the interface.

   [edit]user@host# edit interfaces ge-0/0/1 unit 0 family inet

2. Configure the logical interface IP address.

   [edit interfaces ge-0/0/1 unit 0 family inet]user@host# set address 10.1.2.3/30

3. Apply the filter to the input.

   [edit interfaces ge-0/0/1 unit 0 family inet]user@host# set filter input ospf_filter

Confirm and Commit Your Candidate Configuration

Step-by-Step Procedure

1. Confirm the configuration of the stateless firewall filter by entering the show firewall configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

   [edit]user@host# show firewall

   family inet {filter ospf_filter {term term1 {from {source-address {10.108.0.0/16;}protocol ospf;}then {accept;}}term default_term {then {reject administratively-prohibited; # default reject action}}}}

2. Confirm the configuration of the interface by entering the show interfaces configuration mode command. If the command output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

   [edit]user@host# show interfaces

   lo0 {unit 0 {family inet {filter {input ospf_filter;}address 10.1.2.3/30;}}}

3. If you are done configuring the device, commit your candidate configuration.

   [edit]user@host# commit

Verification

To confirm that the configuration is working properly, enter the show firewall filter ospf_filter operational mode command.