I'd like to drop traffic between two network devices which reside on two different vlans.
Junos version: 12.3R6.6
Topology:
Device one (10.0.250.93) on vlan.42 <--> L3 Switch <--> device two (10.0.6.30) on vlan.46
Firewall Config:
family inet {
    filter drop-to-cucm {
        term rule1 {
            from {
                source-address {
                    10.0.250.93/32;
                }
                destination-address {
                    10.0.6.30/32;
                }
            }
            then {
                discard;
            }
        }
    }
}
Then I ran:
set interfaces vlan unit 42 family inet filter input drop-to-cucm
{master:1}[edit]
root@ex3300-vc# commit check
The result is that all traffic on vlan.42 is dropped, instead of just traffic from device one.
I've also tried applying the rule to vlan.46 input, and removing the destination-address 10.0.6.30/32 line with the same result.
I'm obviously making a fundamental mistake understanding how these firewall rules should be applied. Any help is appreciated.
Thanks,
Steve
-------------------------------------------------------
Edit: Solution provided works, greatly appreciated. For extra clarity, the accept term would be added to the existing firewall filter, as only one filter can be assigned to an interface.
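The accept term mentioned in the edit above, shown in place as an added example (not part of the original post or the answer it refers to): a Junos firewall filter discards any packet that matches none of its terms, so a final term with no match conditions is needed to pass the rest of the vlan.42 traffic. The term name accept-rest is an assumption.

```junos
family inet {
    filter drop-to-cucm {
        /* Unchanged: discard only device one -> device two. */
        term rule1 {
            from {
                source-address {
                    10.0.250.93/32;
                }
                destination-address {
                    10.0.6.30/32;
                }
            }
            then {
                discard;
            }
        }
        /* Hypothetical term name. With no "from" clause it matches every
           packet rule1 did not, so the filter's implicit discard is
           never reached. Terms are evaluated in order, so this one
           must stay last. */
        term accept-rest {
            then {
                accept;
            }
        }
    }
}
```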