This example firewall filter restricts manager access to SSH sessions from a device with source address 192.168.14.33. It is applied to the loopback (lo0) interface as an input filter, and logs and rejects (silently discards) any attempts to access the router that do not meet these conditions.
Note: This firewall filter is only an example; do not copy the addressing specifics and use them on an actual system.
Configure the policy options and firewall filter:
```
[edit policy-options]
prefix-list ssh-addresses {
    192.168.14.33;
}

[edit firewall family inet]
filter CC_MGR_Access {
    term ssh-okay {
        from {
            source-prefix-list {
                ssh-addresses;
            }
            protocol tcp;
            port ssh;
        }
        then accept;
    }
    term other-okay {
        from {
            destination-port-except ssh;
        }
        then {
            accept;
        }
    }
    term no-ssh {
        then {
            log;
            reject;
        }
    }
}
```
Apply as an input filter to lo0:
```
[edit interfaces lo0 unit 0 family inet]
filter {
    input CC_MGR_Access;
}
```
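
The following Python sketch is an added example, not Juniper code: it models the filter's top-to-bottom, first-match term evaluation for TCP and UDP packets and runs constructed sample packets through it. The packet dictionary fields and the function names are assumptions made for the illustration.

```python
import ipaddress

SSH = 22
PREFIX_LISTS = {"ssh-addresses": ["192.168.14.33/32"]}  # from [edit policy-options]

def in_prefix_list(name, addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in PREFIX_LISTS[name])

def ssh_okay(p):
    # "port ssh" matches when either the source or the destination port is 22.
    return (in_prefix_list("ssh-addresses", p["src"])
            and p["proto"] == "tcp"
            and SSH in (p["sport"], p["dport"]))

def other_okay(p):
    # "destination-port-except ssh": any destination port other than 22.
    return p["dport"] != SSH

# Terms in configuration order: (name, match function, actions).
TERMS = [
    ("ssh-okay", ssh_okay, ("accept",)),
    ("other-okay", other_okay, ("accept",)),
    ("no-ssh", lambda p: True, ("log", "reject")),  # no "from": matches everything
]

def evaluate(packet):
    """Return (term name, actions) of the first term that matches the packet."""
    for name, match, actions in TERMS:
        if match(packet):
            return name, actions
    return None, ("discard",)  # implicit end-of-filter default, unreachable here

# Constructed sample packets (TCP/UDP only), not captured traffic.
SAMPLES = [
    {"src": "192.168.14.33", "proto": "tcp", "sport": 50000, "dport": 22},
    {"src": "192.168.14.34", "proto": "tcp", "sport": 50000, "dport": 22},
    {"src": "192.168.14.33", "proto": "udp", "sport": 40000, "dport": 22},
    {"src": "198.51.100.7", "proto": "tcp", "sport": 50001, "dport": 179},
    {"src": "203.0.113.9", "proto": "tcp", "sport": 22, "dport": 40000},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        term, actions = evaluate(pkt)
        print(f'{pkt["src"]:>14} {pkt["proto"]} {pkt["sport"]}->{pkt["dport"]}: '
              f'{term} -> {", ".join(actions)}')
```

Only traffic to port 22 is restricted by this filter: the other-okay term accepts every other destination port, so any other service on the router stays reachable from any source unless further terms are added.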