Security




Firewall filter "except" keyword

  • 1.  Firewall filter "except" keyword

    Posted 08-27-2021 14:05
    Hi, all,

    Say I have one uplink connection to service providers. I want to implement an input filter on the interfaces to reject all BGP connections except for configured peers, so I have the following configuration:

    set policy-options prefix-list isp-peer apply-path "protocols bgp group <*> neighbor <*>"
    set firewall family inet filter allow_access_in term bgp from source-prefix-list isp-peer except
    set firewall family inet filter allow_access_in term bgp from port bgp
    set firewall family inet filter allow_access_in term bgp then reject

    But the above filter term is not taking effect. What could be wrong?

    John

    ------------------------------
    John Gerro
    ------------------------------