For traffic that has a source or destination of the Junos device itself, we apply the firewall filter to the loopback address, and this then applies to all traffic for the device. These are called protect RE filters. There is a full discussion on creating a comprehensive filter in this free Day One book.
https://supportportal.juniper.net/s/article/Securing-the-Routing-Engine-on-M-MX-and-T-Series?language=en_US
You could just have the NTP only filtered by creating a filter in the same format, applied to the loopback, with three terms:
- allow the ntp port out to the ntp server address
- reject all ntp port outbound
- allow all final rule
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------
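The three-term filter described in the reply above, written out as Junos configuration. This is an added example, not part of the original posts: the filter name `NTP-OUT` and the term names are assumptions, the server addresses are the two from the original question, and "outbound" is taken to mean an output filter on lo0.

```junos
firewall {
    family inet {
        filter NTP-OUT {
            /* Term 1: NTP from the device to the two approved servers */
            term ntp-to-servers {
                from {
                    destination-address {
                        10.4.10.36/32;
                        10.4.10.37/32;
                    }
                    protocol udp;
                    destination-port ntp;
                }
                then accept;
            }
            /* Term 2: any other outbound NTP is rejected */
            term ntp-other {
                from {
                    protocol udp;
                    destination-port ntp;
                }
                then {
                    reject;
                }
            }
            /* Term 3: without this, the implicit final discard drops
               all other traffic sourced from the device */
            term allow-all {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    /* output = traffic originated by the device itself */
                    output NTP-OUT;
                }
            }
        }
    }
}
```

If lo0 already carries an output filter, add these terms to it instead, since a second `output` statement replaces the existing one. Term order matters: the accept for the two servers must precede the general NTP reject.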
Original Message:
Sent: 11-22-2022 01:51
From: Sanam Kaur
Subject: Firewall Filter
The traffic is generated from irb.100 towards NTP servers.
------------------------------
Sanam Kaur
Original Message:
Sent: 11-21-2022 15:08
From: STEVE PULUKA
Subject: Firewall Filter
Is this traffic originating from or destined to the Junos device itself or transit traffic passing through the irb.100 interface between an outside device and the ntp servers?
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 11-21-2022 09:45
From: Anonymous User
Subject: Firewall Filter
This message was posted by a user wishing to remain anonymous
I want to create a firewall filter that should discard the NTP traffic forwarding through irb.100, having management IP 10.85.241.50, and traffic should be forwarded only to the respective two NTP servers, i.e. 10.4.10.36 & 10.4.10.37.