    system-services (Security Zones Host Inbound Traffic)

    Syntax

    system-services service-name {
        except;
    }

    Hierarchy Level

    [edit security zones security-zone zone-name host-inbound-traffic]

    Release Information

    Statement introduced in Junos OS Release 8.5.

    Description

    Specify the types of traffic that can reach the device for all interfaces in a zone.

    Options

    • service-name—System service for which traffic is allowed. The following system services are supported:
      • all—Enable traffic from the defined system services available on the Routing Engine (RE). Use the except option to disallow specific system services.
      • any-service—Enable all system services on entire port range including the system services that are not defined.
      • bootp—Enable traffic destined to BOOTP and DHCP relay agents.
      • dhcp—Enable incoming DHCP requests.
      • dhcpv6—Enable incoming DHCP requests for IPv6.
      • dns—Enable incoming DNS services.
      • finger—Enable incoming finger traffic.
      • ftp—Enable incoming FTP traffic.
      • http—Enable incoming J-Web or clear-text Web authentication traffic.
      • https—Enable incoming J-Web or Web authentication traffic over Secure Sockets Layer (SSL).
      • ident-reset—Enable the access that has been blocked by an unacknowledged identification request.
      • ike—Enable Internet Key Exchange traffic.
      • lsping—Enable label switched path ping service.
      • netconf—Enable incoming NETCONF service.
      • ntp—Enable incoming Network Time Protocol (NTP) traffic.
      • ping—Allow the device to respond to ICMP echo requests.
      • r2cp—Enable incoming Radio Router Control Protocol traffic.
      • reverse-ssh—Reverse SSH traffic.
      • reverse-telnet—Reverse Telnet traffic.
      • rlogin—Enable incoming rlogin (remote login) traffic.
      • rpm—Enable incoming Real-time performance monitoring (RPM) traffic.
      • rsh—Enable incoming Remote Shell (rsh) traffic.
      • sip—Enable incoming Session Initiation Protocol traffic.
      • snmp—Enable incoming SNMP traffic (UDP port 161).
      • snmp-trap—Enable incoming SNMP traps (UDP port 162).
      • ssh—Enable incoming SSH traffic.
      • telnet—Enable incoming Telnet traffic.
      • tftp—Enable TFTP services.
      • traceroute—Enable incoming traceroute traffic (UDP port 33434).
      • xnm-clear-text—Enable incoming Junos XML protocol traffic for all specified interfaces.
      • xnm-ssl—Enable incoming Junos XML protocol-over-SSL traffic for all specified interfaces.
    • except—(Optional) Exclude specific system services from those enabled by the all option; valid only when the all option has been defined. For example, to enable all but FTP and HTTP system service traffic:
      set security zones security-zone trust host-inbound-traffic system-services all
      set security zones security-zone trust host-inbound-traffic system-services ftp except
      set security zones security-zone trust host-inbound-traffic system-services http except
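
An added example (not part of Juniper's documentation): a small Python audit that computes each zone's effective host-inbound services from set-format configuration, applying the all/except behavior described above, and reports unencrypted services that remain reachable. It assumes all expands to exactly the services listed on this page; the CLEAR_TEXT policy set, the function names and the sample zones are choices made for this example.

```python
import re
from collections import defaultdict

# Service names listed on this page; assumed here to be what "all" expands to.
DEFINED = set("""bootp dhcp dhcpv6 dns finger ftp http https ident-reset ike lsping
netconf ntp ping r2cp reverse-ssh reverse-telnet rlogin rpm rsh sip snmp snmp-trap
ssh telnet tftp traceroute xnm-clear-text xnm-ssl""".split())
# Audit policy for this example (an assumption): unencrypted services, plus any-service.
RISKY = {"finger", "ftp", "http", "reverse-telnet", "rlogin", "rsh",
         "telnet", "tftp", "xnm-clear-text", "any-service"}
# Matches zone-level statements only (the hierarchy level this page documents).
LINE = re.compile(r"^set security zones security-zone (\S+) host-inbound-traffic "
                  r"system-services (\S+)( except)?$")

def effective_services(config):
    """Return {zone: set of services allowed to reach the device}."""
    listed, excepted = defaultdict(set), defaultdict(set)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if m:
            zone, service, is_except = m.groups()
            (excepted if is_except else listed)[zone].add(service)
    result = {}
    for zone in set(listed) | set(excepted):
        allowed = set(listed[zone])
        if "all" in allowed:
            # "all" expands to the defined services; "except" entries subtract.
            allowed = (allowed - {"all"}) | (DEFINED - excepted[zone])
        result[zone] = allowed  # without "all", "except" entries enable nothing
    return result

def audit(config):
    """Return {zone: sorted risky services} for zones that expose any."""
    findings = {}
    for zone, allowed in effective_services(config).items():
        risky = sorted(allowed & RISKY)
        if risky:
            findings[zone] = risky
    return findings

# Constructed sample: the page's example plus an illustrative untrust zone.
SAMPLE = """\
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic system-services ftp except
set security zones security-zone trust host-inbound-traffic system-services http except
set security zones security-zone untrust host-inbound-traffic system-services ike
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the page's own example, the trust zone still exposes telnet, rlogin, rsh and the other clear-text services after ftp and http are excepted, which is why an explicit allow list per zone is easier to review than all with exceptions.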

    Required Privilege Level

    security—To view this statement in the configuration.

    security-control—To add this statement to the configuration.

    Modified: 2015-12-23