Thanks Alex. I'll give this a try, but for info here is the configuration and result (IP's Changed):
set firewall family inet filter bgpfilter-179 term 1 from source-address 10.10.10.10/32
set firewall family inet filter bgpfilter-179 term 1 from destination-address 10.10.10.11/32
set firewall family inet filter bgpfilter-179 term 1 from destination-port bgp
set firewall family inet filter bgpfilter-179 term 1 from destination-port 179
set firewall family inet filter bgpfilter-179 term 1 then accept
set firewall family inet filter bgpfilter-179 term 2 then discard
set interfaces xe-1/2/5 unit 0 family inet filter input-list bgpfilter-179
I would expect, with this filter applied to the interface that, for example, the Cymru Bogon peering would drop, but it does not, as is shown below:
Peer: 38.229.6.20+41099 AS 15895 Local: 10.10.10.11+179 AS 111111
Description: cymru fullbogon bgp feed (ipv4 + 6)
Group: cymru-bogons Routing-Instance: master
Forwarding routing-instance: master
Type: External State: Established Flags: <Sync RSync>
As can be seen, it is still in established. So the firewall filter does not work.
If I place the "deny-all" policy statement in the group, will that not stop the actual peer too?