Configuring Default Reject Rules for Source Address Spoofing
The following guidelines describe when to configure the default reject rules for source address spoofing:
- When the source address is equal to the address of the network interface where the network packet was received.
- When the source address does not belong to the networks associated with the network interface where the network packet was received.
- When the source address is defined as being on a broadcast network.
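The three conditions above can be expressed as a check on a packet's source address. The following Python sketch is an added illustration, not Junos OS code or the screen's actual implementation. The interface address, the network list, and the reading of "broadcast network" as the limited broadcast address or the directed broadcast of an attached network are assumptions.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

# Constructed sample: address of the receiving interface and the
# networks associated with it (documentation address ranges).
IFACE_ADDR = "192.0.2.1"
IFACE_NETWORKS = ["192.0.2.0/24", "198.51.100.0/24"]


def spoof_conditions(src, iface_addr=IFACE_ADDR, iface_networks=IFACE_NETWORKS):
    """Return the numbers (1-3) of the listed conditions that src matches."""
    src = ipaddress.IPv4Address(src)
    nets = [ipaddress.IPv4Network(n) for n in iface_networks]
    matched = []
    # 1: source equals the address of the receiving interface.
    if src == ipaddress.IPv4Address(iface_addr):
        matched.append(1)
    # 2: source belongs to none of the networks associated with the interface.
    if not any(src in n for n in nets):
        matched.append(2)
    # 3 (assumed reading): limited broadcast, or the directed broadcast of an
    # attached network. /31 and /32 prefixes have no broadcast address.
    if src == LIMITED_BROADCAST or any(
        src == n.broadcast_address for n in nets if n.prefixlen < 31
    ):
        matched.append(3)
    return matched


def verdict(src):
    """Return a log-style line for one source address."""
    hits = spoof_conditions(src)
    if hits:
        return f"REJECT {src} (condition {', '.join(map(str, hits))})"
    return f"ACCEPT {src}"


if __name__ == "__main__":
    # Constructed source addresses, one per case.
    for s in ["192.0.2.50", "192.0.2.1", "203.0.113.7",
              "192.0.2.255", "255.255.255.255"]:
        print(verdict(s))
```

The limited broadcast address matches conditions 2 and 3 together, so a log reviewer can see more than one reason recorded for the same rejected packet.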
Before you begin, log in with your root account on a Junos OS device running Junos OS Release 17.4R1-S1 and edit the configuration.
You can enter the configuration commands in any order and commit all the commands at once.
To configure default reject rules to log source address spoofing:
- Configure the security screen features and enable the IP address spoofing IDS option.
  user@host# set security screen ids-option trustScreen ip spoofing
- Specify the name of the security zone and the IDS option object applied to the zone.
  user@host# set security zones security-zone trustZone screen trustScreen