

Configuring Stateless Firewall

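You can use Juniper Networks policy management to configure stateless access control. For example, to stop all ICMP packets from entering the network (192.168.10.0/24), except for echo request and reply messages, use the command sequence below. Classifier list 111 matches ICMP type 8 (echo request) and type 0 (echo reply) destined for 192.168.10.0 with wildcard mask 0.0.0.255, and policy list 111 is attached to input traffic on interface fastEthernet 8/0. The sequence as shown does not define classifier list 112 and uses forward in both classifier groups. For the remaining ICMP traffic to be stopped, classifier list 112 must match it and classifier group 112 must apply the filter action instead of forward.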

host1(config)#ip classifier-list 111 icmp any 192.168.10.0 0.0.0.255 8
host1(config)#ip classifier-list 111 icmp any 192.168.10.0 0.0.0.255 0
host1(config)#ip policy-list 111
host1(config-policy-list)#classifier-group 111
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group 112
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#exit
host1(config)#interface fastEthernet 8/0
host1(config-if)#ip policy input 111
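
The following Python model is an added example, not part of the original page or of Juniper's documentation. It evaluates constructed sample packets against classifier list 111 using wildcard-mask matching and shows that a stateless policy judges each packet alone. The drop rule for other ICMP and the "no-match" verdict are assumptions that model the intent stated above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: bits set to 1 in the mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

# Classifier list 111 from the page: (protocol, dest base, dest wildcard, ICMP type)
CLASSIFIER_111 = [
    ("icmp", "192.168.10.0", "0.0.0.255", 8),  # echo request
    ("icmp", "192.168.10.0", "0.0.0.255", 0),  # echo reply
]

def evaluate(packet):
    """Return 'forward', 'filter' or 'no-match' for one packet dict.
    Each packet is judged alone: a stateless policy keeps no flow table."""
    proto, dst = packet["proto"], packet["dst"]
    for c_proto, base, wild, icmp_type in CLASSIFIER_111:
        if (proto == c_proto and wildcard_match(dst, base, wild)
                and packet.get("icmp_type") == icmp_type):
            return "forward"
    # Assumption: the stated intent, all other ICMP to the network is dropped
    if proto == "icmp" and wildcard_match(dst, "192.168.10.0", "0.0.0.255"):
        return "filter"
    return "no-match"  # assumption: traffic outside the policy is not affected

# Constructed sample packets (addresses are illustrative)
SAMPLES = [
    {"proto": "icmp", "src": "203.0.113.7", "dst": "192.168.10.25", "icmp_type": 8},
    # Echo reply with no matching request: still forwarded, no state is kept
    {"proto": "icmp", "src": "203.0.113.7", "dst": "192.168.10.25", "icmp_type": 0},
    {"proto": "icmp", "src": "203.0.113.7", "dst": "192.168.10.25", "icmp_type": 5},
    # Same ICMP type, but the destination is outside 192.168.10.0/24
    {"proto": "icmp", "src": "203.0.113.7", "dst": "192.168.11.25", "icmp_type": 5},
    {"proto": "tcp", "src": "203.0.113.7", "dst": "192.168.10.25"},
]

def run_samples():
    return [evaluate(p) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt, "->", verdict)
```

The second sample is the case to watch when reviewing a stateless rule set: the echo reply is forwarded even though no echo request preceded it.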

For additional information about using Juniper Networks policy management, classifier lists, and policy lists, see JUNOSe Policy Management Configuration Guide, Chapter 1, Managing Policies on the E-series Router.

