I believe this is correct. In order for a specific filter to have effect with in an routing instance you have to apply that filter to the loopback else I believe and am more than willing to be corrected but I believe the instance takes on the characteristics of the global filter when no filter is applied to the loopback within the instance.
> On Mar 22, 2016, at 12:28 PM, Luca Salvatore via juniper-nsp > <juniper-nsp@puck.nether.net> wrote: > > Try putting an loopback interface into the vrf e.g lo0.1 and applying the > filer to that. > > On Sat, Mar 19, 2016 at 4:02 PM, Raphael Mazelier <r...@futomaki.net> wrote: > >> >> >>> >>> On EX, you should be able to protect the RE using a filter on lo0 in the >>> main routing instance (not in the VRF itself). >>> But be aware that this does not work on tha ACX-series (for some strange >>> reason)... >>> >>> >> Yep the firewall filter work for interfaces that are on the main >> routing-instance. But for some reason the filter does not apply on traffic >> coming from interface placed in a vrf to the RE. >> >> >> -- >> Raphael Mazelier >> >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > > > -- > Luca Salvatore > Manager, Network Team | DigitalOcean > Phone: +1 (929) 214-7242 > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp