Yes, I was really talking about "payload-protocol", not "protocol" :) And this is the point, it didn't work on lo0 whereas it works on "physical" interfaces.
> Le 11 juil. 2018 à 21:14, Jay Ford <jnf...@uiowa.net> a écrit : > > You might want "payload-protocol" for IPv6, except where you really want > "next-header". This is a case where there's not a definite single functional > mapping from IPv4 to IPv6. > > ________________________________________________________________________ > Jay Ford, Network Engineering Group, Information Technology Services > University of Iowa, Iowa City, IA 52242 > email: jay-f...@uiowa.edu, phone: 319-335-5555 > > On Wed, 11 Jul 2018, Olivier Benghozi wrote: >> One thing to think about, in IPv6: >> On MX, one can use "match protocol" (with Trio / MPC cards). >> But it's not supported on lo0 filters, where you were / probably still are >> restricted to "match next-header", in order to have a filter working as >> expected. >> >>> Le 11 juil. 2018 à 20:17, Drew Weaver <drew.wea...@thenap.com> a écrit : >>> >>> Is there a list of best practices or 'things to think about' when >>> constructing a firewall filter for a loopback on an MX series router >>> running version 15 of Junos? _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp