Example: Blocking Telnet and SSH Access
Block telnet and SSH access to all but the 192.168.1.0/24 subnet. This filter also logs any SSH or telnet traffic attempts from other subnets to the firewall log buffer:
[edit]firewall {family inet {filter local-access-control {term terminal-access {from {address {192.168.1.0/24;}protocol tcp;port [ssh telnet];}then accept;}term terminal-access-denied {from {protocol tcp;port [ssh telnet];}then {log;reject;}}term default-term {then accept;}}}}
