So, today when I implemented the firewall filter below, I was locked out from the device completely.
set firewall family inet filter filter_bgp179 term 1 from source-address HIDDEN/32
set firewall family inet filter filter_bgp179 term 1 from source-address HIDDEN/32
set firewall family inet filter filter_bgp179 term 1 from destination-port bgp
set firewall family inet filter filter_bgp179 term 1 then accept
set firewall family inet filter filter_bgp179 term 2 then reject
set interfaces lo0 unit 1 family inet filter input filter_bgp179
The above comes from https://www.juniper.net/documentation/en_US/junos/topics/topic-map/bgp-tcp-sessions.html
Did a commit check and all was fine, committed it and then I lost connection to the device. Why? I'm connected with SSH to the device, and the filter is only for the bgp port.
Do I need to do the SSH filter before to allow our traffic because of the reject in term 2? But that filter is bgp only?
Searched and found this on the forum: https://forums.juniper.net/t5/Junos/Filter-SSH-access-in-interfaces-and-BGP-neighbors/m-p/268655
Is the above way better than the first solution that I posted?
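
Added example, not part of the original post: a small Python model of how a Junos firewall filter evaluates its terms in order, run against the posted filter and against a hypothetical variant with an SSH term ahead of the final reject. The addresses are constructed placeholders (the post hides the real ones), and the management network and the `ssh` term are assumptions.

```python
import ipaddress

# Constructed placeholders: the post hides the real peer addresses.
PEERS = ["192.0.2.1/32", "192.0.2.2/32"]
MGMT = ["198.51.100.0/24"]  # assumed management network, not from the post

def term(name, action, sources=None, dport=None):
    nets = [ipaddress.ip_network(s) for s in sources] if sources else None
    return {"name": name, "action": action, "sources": nets, "dport": dport}

def matches(t, src, dport):
    # Values of one condition are ORed; different conditions are ANDed.
    # A term with no "from" conditions matches every packet.
    if t["sources"] is not None and not any(
            ipaddress.ip_address(src) in n for n in t["sources"]):
        return False
    if t["dport"] is not None and t["dport"] != dport:
        return False
    return True

def evaluate(terms, src, dport):
    # First matching term decides; unmatched packets hit the implicit discard.
    for t in terms:
        if matches(t, src, dport):
            return t["name"], t["action"]
    return "implicit", "discard"

# The filter as posted: term 1 accepts BGP from peers, term 2 rejects the rest.
posted = [
    term("1", "accept", sources=PEERS, dport=179),
    term("2", "reject"),
]

# Hypothetical variant with an SSH term placed ahead of the final reject.
with_ssh = [
    term("1", "accept", sources=PEERS, dport=179),
    term("ssh", "accept", sources=MGMT, dport=22),
    term("2", "reject"),
]

if __name__ == "__main__":
    for label, flt in (("posted", posted), ("with_ssh", with_ssh)):
        for src, dport in (("192.0.2.1", 179), ("198.51.100.10", 22),
                           ("203.0.113.5", 179)):
            print(label, src, dport, evaluate(flt, src, dport))
```

In the posted filter the SSH packet fails term 1 on the destination port and is caught by term 2, which has no match conditions and therefore rejects everything that reaches it.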