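Juniper Junos basic BGP and firewall filter

Lab topology, as configured below: R1 (AS 100) – R2 (AS 200) – R3 (AS 300), peering over eBGP. R1 and R3 export their directly connected routes (including the loopbacks) with the policy LOOPS_to_BGP, and R2 exports a generated default route with the policy DEFAULT. On R3, the input filter BLOCK_ICMP on em5 rejects and counts ICMP echo-requests from 11.11.11.1 to 33.33.33.3. Term 9999 accepts and counts everything else; it is needed because a Junos firewall filter ends with an implicit discard, which would otherwise also drop the BGP session arriving on em5.

Note: the root-authentication lines show the same MD5-crypt ($1$) password hash on all three routers. Replace or redact it before reusing or sharing these configurations.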

R1:
root@R1> show configuration | display set
set version 10.1R1.8
set system host-name R1
set system root-authentication encrypted-password "$1$DxeIh.QQ$XZ6zRnoGMUHJw/On7ojvz0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 family inet address 12.12.12.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/24
set interfaces lo0 unit 0 family inet address 11.11.11.1/24
set routing-options static route 0.0.0.0/0 next-hop 12.12.12.2
set routing-options autonomous-system 100
set protocols bgp group EXT export LOOPS_to_BGP
set protocols bgp group EXT peer-as 200
set protocols bgp group EXT neighbor 12.12.12.2
set policy-options policy-statement LOOPS_to_BGP term 1 from protocol direct
set policy-options policy-statement LOOPS_to_BGP term 1 then accept

R2:
root@R2> show configuration | display set
set version 10.1R1.8
set system host-name R2
set system root-authentication encrypted-password "$1$DxeIh.QQ$XZ6zRnoGMUHJw/On7ojvz0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 family inet address 12.12.12.2/24
set interfaces em5 unit 0 family inet address 23.23.23.2/24
set routing-options generate route 0.0.0.0/0
set routing-options autonomous-system 200
set protocols bgp traceoptions file BGP
set protocols bgp traceoptions flag route
set protocols bgp export DEFAULT
set protocols bgp group EXT neighbor 12.12.12.1 peer-as 100
set protocols bgp group EXT neighbor 23.23.23.3 peer-as 300
set policy-options policy-statement DEFAULT term 1 from protocol aggregate
set policy-options policy-statement DEFAULT term 1 then accept

R3:
root@R3> show configuration | display set
set version 10.1R1.8
set system host-name R3
set system root-authentication encrypted-password "$1$DxeIh.QQ$XZ6zRnoGMUHJw/On7ojvz0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em5 unit 0 family inet filter input BLOCK_ICMP
set interfaces em5 unit 0 family inet address 23.23.23.3/24
set interfaces lo0 unit 0 family inet address 3.3.3.3/24
set interfaces lo0 unit 0 family inet address 33.33.33.3/24
set routing-options autonomous-system 300
set protocols bgp group EXT export LOOPS_to_BGP
set protocols bgp group EXT neighbor 23.23.23.2 peer-as 200
set policy-options policy-statement LOOPS_to_BGP term 1 from protocol direct
set policy-options policy-statement LOOPS_to_BGP term 1 then accept
set firewall filter BLOCK_ICMP term 1 from source-address 11.11.11.1/32
set firewall filter BLOCK_ICMP term 1 from destination-address 33.33.33.3/32
set firewall filter BLOCK_ICMP term 1 from protocol icmp
set firewall filter BLOCK_ICMP term 1 from icmp-type echo-request
set firewall filter BLOCK_ICMP term 1 then count BLOCK_ICMP_Counter_1
set firewall filter BLOCK_ICMP term 1 then reject
set firewall filter BLOCK_ICMP term 9999 then count BLOCK_ICMP_Counter_9999
set firewall filter BLOCK_ICMP term 9999 then accept

root@R3> show firewall filter BLOCK_ICMP counter BLOCK_ICMP_Counter_1

Filter: BLOCK_ICMP
Counters:
Name Bytes Packets
BLOCK_ICMP_Counter_1 9240 110

root@R3> show firewall filter BLOCK_ICMP counter BLOCK_ICMP_Counter_9999

Filter: BLOCK_ICMP
Counters:
Name Bytes Packets
BLOCK_ICMP_Counter_9999 2316 34

root@R3> clear firewall counter BLOCK_ICMP_Counter_1 filter BLOCK_ICMP

root@R3> clear firewall counter BLOCK_ICMP_Counter_9999 filter BLOCK_ICMP

root@R3> show firewall filter BLOCK_ICMP counter BLOCK_ICMP_Counter_1

Filter: BLOCK_ICMP
Counters:
Name Bytes Packets
BLOCK_ICMP_Counter_1 0 0

root@R3> show firewall filter BLOCK_ICMP counter BLOCK_ICMP_Counter_9999

Filter: BLOCK_ICMP
Counters:
Name Bytes Packets
BLOCK_ICMP_Counter_9999 0 0

root@R3>
