Oh duh. it can't apply an acl until it knows what the traffic is destined!
Firewall filters are seen from the router point of view. Example: traffic received on ge-0/0/0.0 on a Junos device will be evaluated by the "filter input <filter-name>" where traffic sent out of the interface is evaluated by the "filter output <filter-name>". ...
Well you just put my brain in a pretzel! why would that be outbound? the flow would start from outside the interface and destination (10.4..x.x) would be inside said interface.
In which direction have you applied the firewall filter? From what I understand of your requirements it should be applied in the outbound direction (firewall family inet filter output <filter-name>). ------------------------------ -- Jonas Hauge Klingenberg ...
I've got this applied to an interface that has an IP address of 10.4.2.17/29 However, I can still SSH to .18 from a subnet other than the .238 subnet. what do I have wrong? term A { from { source-address { 192.168.238.32/32; ...