khodor/juniper-configurations
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Add protect-re-dynamic-prefix-list

Browse Source
This commit is contained in:
khodor
2025-01-02 03:06:01 +00:00
parent 8527234328
commit 7d9a928b78
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
protect-re-dynamic-prefix-list Normal file
View File

@@ -0,0 +1,16 @@
set interfaces lo0 unit 0 family inet filter input PROTECT_RE
set interfaces lo0 unit 0 family inet6 filter input PROTECT_RE_V6
set policy-options prefix-list BGP_PEERS_DYNAMIC apply-path "protocols bgp group <*> neighbor <*.*>"
set firewall family inet filter PROTECT_RE term ALLOW_BGP from source-prefix-list BGP_PEERS_DYNAMIC
set firewall family inet filter PROTECT_RE term ALLOW_BGP from protocol tcp
set firewall family inet filter PROTECT_RE term ALLOW_BGP from destination-port bgp
set firewall family inet filter PROTECT_RE term ALLOW_BGP then log
set firewall family inet filter PROTECT_RE term ALLOW_BGP then accept
set firewall family inet filter PROTECT_RE term BLOCK_BGP from protocol tcp
set firewall family inet filter PROTECT_RE term BLOCK_BGP from destination-port bgp
set firewall family inet filter PROTECT_RE term BLOCK_BGP then log
set firewall family inet filter PROTECT_RE term BLOCK_BGP then discard
set firewall family inet filter PROTECT_RE term DEFAULT then log
set firewall family inet filter PROTECT_RE term DEFAULT then accept