I'm trying to setup some filtering on my loopback and WAN interfaces to only filter RE-bound traffic.
I'm doing this by applying a "filter input" term to the iff-level (interface xxx unit xxx family [inet/inet6]), but this filter seems to also catch traffic being forwarded from the WAN interfaces, so the filter is affecting downstream traffic as well. On platforms I've used in the past (M and MX -- "real" PFEs), these filter terms only catch locally-bound traffic and not things transiting the router. Is there a way to do some sort of similar classification on J-series as well? I have my box configured with the included "router" mode template (packet-based forwarding, all interfaces in a trusted security zone, etc.) Cheers, jof _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp