> However, I also need to accept OSPF and BGP.
> 
> I don't want to allow BGP on ge-1/0/0. This should be done at lo0.
> 
> But if I accept BGP on ge-1/0/0, I also need to accept it on lo0 to get it to 
> work.
> 
> Is it possible to have different rules for incoming interface and lo0?

BGP is a TCP connection to your routing engine, so the rule for that session 
only needs to be on the lo0 interface.

Whatever is on your "ge" interface would typically be for transit traffic - and 
not traffic to the router itself.

For BGP, use a new 'term' with a 'from' (which really is an "if" statement):

'source-address' of your peer
'protocol tcp'
'port bgp'



_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
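
The term described in the reply above, written out as a complete lo0 input filter with a matching OSPF term. This is an added example, not configuration from the thread; the filter name `protect-re`, the term names, and the peer address 192.0.2.1 (a documentation address) are assumptions.

```junos
firewall {
    family inet {
        filter protect-re {
            /* BGP: 'port' matches source or destination port 179, so the
               session is accepted whichever side opens the TCP connection.
               192.0.2.1/32 is a placeholder for the real peer address. */
            term accept-bgp {
                from {
                    source-address {
                        192.0.2.1/32;
                    }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            /* OSPF runs directly over IP protocol 89, so there is no port to match. */
            term accept-ospf {
                from {
                    protocol ospf;
                }
                then accept;
            }
            /* Explicit final term; a Junos filter discards unmatched packets anyway. */
            term discard-rest {
                then discard;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                /* Applied as input on lo0, the filter sees traffic destined
                   to the routing engine, not transit traffic on ge-1/0/0. */
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

Because everything not accepted is discarded, management traffic to the router (SSH, SNMP, NTP and so on) needs its own accept terms ahead of the final term. Committing with `commit confirmed` gives an automatic rollback if the filter cuts off access.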
