Hi,
I have an MX router connecting to two ISPs. I want to implement a simple inbound filter on the uplink interfaces to block BGP connection attempts except from configured ISP peers. I have the following configuration:
set policy-options prefix-list ISP_peers apply-path "protocols bgp group <*> neighbor <*>"
set firewall family inet filter allow_inbound term bgp from source-prefix-list ISP_peers except
set firewall family inet filter allow_inbound term bgp from port bgp
set firewall family inet filter allow_inbound term bgp then reject
The above configuration seems to be reasonable, but it is not working, i.e., it does not block unwanted BGP connection attempts. Is anything wrong?
John
------------------------------
John Gerro
------------------------------