Once upon a time, Leo Bicknell <bickn...@ufp.org> said:
> The feature I would like is to set the _packet filter_ based on the
> _received routes_ over BGP.

On JUNOS, you can use

    routing-options {
        forwarding-table {
            unicast-reverse-path feasible-paths;
        }
    }

to get that behavior (although it is a global option, not per-interface, I don't think there's any harm in using it).

> Actually, received routes post prefix list.
> Consider this syntax:
>
> neighbor 1.2.3.4 install-dynamic-filter Gig10/1/2 prefix-list
> customer-prefixes
>
> Anything that was received would go through the prefix-list
> customer-prefixes (probably the same list used to filter their
> announcements), and then get turned into a dynamic ACL applied to
> the inbound interface (Gig10/1/2 in this case).

JUNOS does that as well. You can use the same prefix-list in both a BGP policy filter and a firewall filter.

-- 
Chris Adams <cmad...@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
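
The filter behaviour discussed in this message, modelled in Python as an added example (not code from either poster and not router configuration). It compares a source filter built from the received routes that pass the prefix list with a filter built from the prefix list alone. The prefixes, the function names, and the rule that a route passes when it is equal to or more specific than a list entry are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation address space), not from the thread.
CUSTOMER_PREFIXES = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]
# What the neighbor actually announced; the second route is outside the list.
RECEIVED_ROUTES = ["192.0.2.0/25", "203.0.113.0/24"]


def accepted_routes(received, prefix_list):
    """Received routes post prefix list.

    Assumption: a route passes when it is equal to or more specific than
    some entry of the prefix list.
    """
    nets = [ip_network(r) for r in received]
    return [
        n for n in nets
        if any(n.version == p.version and n.subnet_of(p) for p in prefix_list)
    ]


def build_dynamic_filter(received, prefix_list):
    """Source-address permit list derived from the accepted routes only."""
    return sorted(accepted_routes(received, prefix_list))


def build_static_filter(prefix_list):
    """Source-address permit list taken straight from the shared prefix list."""
    return sorted(prefix_list)


def permits(acl, src):
    """Inbound check: permit if the source address is inside an ACL entry."""
    addr = ip_address(src)
    return any(addr.version == net.version and addr in net for net in acl)


if __name__ == "__main__":
    dynamic = build_dynamic_filter(RECEIVED_ROUTES, CUSTOMER_PREFIXES)
    static = build_static_filter(CUSTOMER_PREFIXES)
    for src in ("192.0.2.10", "192.0.2.200", "198.51.100.1", "203.0.113.5"):
        print(src, "dynamic:", permits(dynamic, src), "static:", permits(static, src))
```

In this model the two filters disagree only for sources that are inside the prefix list but not covered by a route the neighbor announced: the list-only filter admits them, the route-derived filter drops them.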