Supported Platforms
Applying Firewall Filters to Interfaces
For a firewall filter to work, you must apply it to at least one interface. To do this, include the filter statement when configuring a logical interface at the [edit interfaces] hierarchy level:
In the input statement, specify a firewall filter to be evaluated when packets are received on the interface. Input filters applied to a loopback interface affect only traffic destined for the Routing Engine.
In the output statement, specify a filter to be evaluated when packets exit the interface.
 | Note: When you create a loopback interface, it is important to apply an ingress filter to it so the Routing Engine is protected. We recommend that when you apply a filter to the loopback interface lo0, you include the apply-groups statement. Doing so ensures that the filter is automatically inherited on every loopback interface, including lo0 and other loopback interfaces. |
