Configuring Default Reject Rules with IP Options
This topic describes how to configure default reject rules with IP options. The IP options enable the device to either block any packets with loose or strict source route options or detect such packets and then record the event in the counters list for the ingress interface.
Before you begin, log in with your root account to an SRX Series device running Junos OS Release 12.3X48-D30.
You can enter the configuration commands in any order and commit all the commands at once.
To configure the default reject rules with IP options:
- Configure the screen features to enable IP options.[edit security screen ids-option trustScreen]user@host# set ip source-route-optionuser@host# set ip loose-source-route-optionuser@host# set ip strict-source-route-optionuser@host# set ip record-route-option
- Specify the name of the security zone and the IDS option
object applied to the zone.user@host# set security zones security-zone trustZone screen trustScreen