NOTE: Filter-based forwarding on the interface will not work when source
MAC address filter is configured because the source MAC address filter takes
higher precedence over filter-based forwarding.
Related
Documentation
Example: Configuring Filter-Based Forwarding on the Source Address•
Forwarding Table Filters for Routing Instances on ACX Series Routers
Forwarding table filter is a mechanism by which all the packets forwarded by a certain
forwarding table are subjected to filtering and if a packet matches the filter condition,
the configured action is applied on the packet. You can use the forwarding table filter
mechanism to apply a filter on all interfaces associated with a single routing instance
with a simple configuration. You can apply a forwarding table filter to a routing instance
of type forwarding and also to the default routing instance inet.0. To configure a
forwarding table filter, include the filter filter-name statement at the [edit firewall family
<inet | inet6>] hierarchy level.
The following limitations apply to forwarding table filters configured on routing instances:
•
You cannot attach the same filter to more than one routing instance.
•
You cannot attach the same filter at both the [edit interfaces interface-name family
<inet | inet6> filter input filter-name] and [edit routing-instances instance-name
forwarding-options family <inet | inet6> filter input filter-name] hierarchy level.
•
You cannot attach a filter that is either interface-specific or a physical interface filter.
•
You cannot attach a filter to the egress direction of routing instances.
Related
Documentation
Configuring Forwarding Table Filters on page 1083•
Configuring Forwarding Table Filters
Forwarding table filters are defined the same as other firewall filters, but you apply them
differently:
•
Instead of applying forwarding table filters to interfaces, you apply them to forwarding
tables, each of which is associated with a routing instance and a virtual private network
(VPN).
•
Instead of applying input and output filters by default, you can apply an input forwarding
table filter only.
All packets are subjected to the input forwarding table filter that applies to the forwarding
table. A forwarding table filter controls which packets the router accepts and then
performs a lookup for the forwarding table, thereby controlling which packets the router
forwards on the interfaces.
1083Copyright © 2017, Juniper Networks, Inc.
Chapter 32: Configuring Firewall Filters
To Next Page
Loading...
Need help?
General
