This example firewall filter restricts Network Time Protocol (NTP) messages to those exchanged between a specific pair of addresses (the NTP server and the local router), in this case 192.168.55.75 and 192.168.55.9. The filter is applied to the dedicated management interface or the fxp0 management interface as an input filter, and logs and rejects (silently discards) any messages that are not valid.
Note: This firewall filter is only an example; do not copy the addressing specifics and use them on an actual system.
Configure the firewall filter:
```
[edit firewall family inet]
filter CC_NTP_Access {
    term NTP_server {
        from {
            destination-address {
                192.168.55.9;
            }
            source-address {
                192.168.55.75;
            }
            /* NTP uses UDP port 123 (Junos port name "ntp") */
            protocol udp;
            port ntp;
        }
        then accept;
    }
    term access-denied {
        /* No "from" clause: matches everything not accepted above */
        then {
            log;
            reject;
        }
    }
}
```
Apply as an input filter to lo0:
```
[edit interfaces lo0 unit 0 family inet]
filter {
    /* Must match the name of the filter defined above */
    input CC_NTP_Access;
}
```
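As an added illustration (not part of the original example), the following Python model shows how the filter's terms are evaluated in order against a packet. It assumes NTP is matched as UDP port 123; the `Packet` tuple, the `evaluate` function and the sample packets are constructed for this example.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst proto sport dport")

# Terms in configured order. Assumption: NTP is matched as UDP port 123.
TERMS = [
    {"name": "NTP_server",
     "from": {"source-address": "192.168.55.75/32",
              "destination-address": "192.168.55.9/32",
              "protocol": "udp", "port": 123},
     "then": ("accept",)},
    # No "from" block: this term matches every packet that reaches it.
    {"name": "access-denied", "from": {}, "then": ("log", "reject")},
]

def term_matches(term, pkt):
    """All conditions present in a term must match (logical AND)."""
    checks = {
        "source-address": lambda v: ip_address(pkt.src) in ip_network(v),
        "destination-address": lambda v: ip_address(pkt.dst) in ip_network(v),
        "protocol": lambda v: pkt.proto == v,
        # "port" matches either the source or the destination port.
        "port": lambda v: v in (pkt.sport, pkt.dport),
    }
    return all(checks[k](v) for k, v in term["from"].items())

def evaluate(pkt, terms=TERMS):
    """First matching term wins; later terms are never consulted."""
    for term in terms:
        if term_matches(term, pkt):
            return term["name"], term["then"]
    return None, ("discard",)  # implicit default when no term matches

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "ntp reply from server": Packet("192.168.55.75", "192.168.55.9", "udp", 123, 123),
    "ntp from other host": Packet("192.168.55.80", "192.168.55.9", "udp", 123, 123),
    "ssh to router": Packet("192.168.55.20", "192.168.55.9", "tcp", 50122, 22),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:22} -> {evaluate(pkt)}")
```

The third sample shows that, because `access-denied` has no match conditions, unrelated traffic reaching the filter (here SSH) is logged and rejected as well.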