Firewall filters are seen from the router's point of view.
Example: traffic received on ge-0/0/0.0 on a Junos device will be evaluated by the "filter input <filter-name>", whereas traffic sent out of the interface is evaluated by the "filter output <filter-name>".
In your case traffic is received on interface X and sent out on interface Y with an IP of 10.4.2.17/29... and with your provided filter, it has to be added on the output chain.
------------------------------
--
Jonas Hauge Klingenberg - Juniper Ambassador
------------------------------
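Added example (not part of the original thread, and not Juniper code): a simplified Python model of first-match term evaluation, showing why the posted filter only catches the SSH session when it is bound as output on the interface facing 10.4.2.16/29. The interface labels X and Y follow the reply above; the client 192.168.1.5 is a constructed sample, and the model ignores protocol matching and traffic addressed to the router itself.

```python
from ipaddress import ip_address, ip_network

PORTS = {"ssh": 22, "https": 443}

# The filter from the thread: (term, source, destination, ports, action).
# None means the term has no match condition of that kind.
FILTER = [
    ("A", "192.168.238.32/32", "10.4.2.16/29", ("ssh", "https"), "accept"),
    ("B", "0.0.0.0/0", "10.4.2.16/29", ("ssh", "https"), "discard"),
    ("C", None, None, None, "accept"),
]

def evaluate(terms, src, dst, dport):
    """Return (term, action) for the first term whose conditions all match."""
    for name, s_net, d_net, ports, action in terms:
        if s_net and ip_address(src) not in ip_network(s_net):
            continue
        if d_net and ip_address(dst) not in ip_network(d_net):
            continue
        if ports and dport not in {PORTS[p] for p in ports}:
            continue
        return name, action
    return "implicit", "discard"  # Junos filters end with an implicit discard

def forward(bindings, in_if, out_if, src, dst, dport):
    """Check a transit packet against in_if's input and out_if's output filter."""
    trace = []
    for hook in ((in_if, "input"), (out_if, "output")):
        if hook in bindings:
            term, action = evaluate(bindings[hook], src, dst, dport)
            trace.append((hook, term, action))
            if action == "discard":
                return "discard", trace
    return "forward", trace

if __name__ == "__main__":
    # Constructed sample: 192.168.1.5 is a made-up client outside the .238 subnet.
    ssh_to_18 = ("X", "Y", "192.168.1.5", "10.4.2.18", 22)
    for direction in ("input", "output"):
        verdict, trace = forward({("Y", direction): FILTER}, *ssh_to_18)
        print(f"filter {direction} on Y: {verdict} {trace}")
```

With the filter bound as input on Y, the only packets it sees are the replies coming back from 10.4.2.18, and those fall through to term C.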
Original Message:
Sent: 02-17-2021 07:37
From: Unknown User
Subject: Why isn't this Firewall filter working?
Well you just put my brain in a pretzel!
Why would that be outbound?
The flow would start from outside the interface and the destination (10.4.x.x) would be inside said interface.
Original Message:
Sent: 02-17-2021 02:57
From: JONAS HAUGE KLINGENBERG
Subject: Why isn't this Firewall filter working?
In which direction have you applied the firewall filter? From what I understand of your requirements it should be applied in the outbound direction (firewall family inet filter output <filter-name>).
------------------------------
--
Jonas Hauge Klingenberg - Juniper Ambassador
Original Message:
Sent: 02-16-2021 21:33
From: Unknown User
Subject: Why isn't this Firewall filter working?
I've got this applied to an interface that has an IP address of 10.4.2.17/29
However, I can still SSH to .18 from a subnet other than the .238 subnet.
What do I have wrong?
term A {
    from {
        source-address {
            192.168.238.32/32;
        }
        destination-address {
            10.4.2.16/29;
        }
        destination-port [ ssh https ];
    }
    then accept;
}
term B {
    from {
        source-address {
            0.0.0.0/0;
        }
        destination-address {
            10.4.2.16/29;
        }
        destination-port [ ssh https ];
    }
    then {
        discard;
    }
}
term C {
    then accept;
}