Firewall filters are not stateful, therefore the direction you apply
them on the interface matters. For outbound filters, you would allow
destination-port 23. For inbound applied filters you would need
source-port of 23. For eitherbound you would need a combination of
both.
See the router-protect filter on page 15:
http://www.qorbit.net/documents/junos-template.pdf
It gets applied 'inbound' on lo0, page 7.
-- steve
-----Original Message-----
From: J K [mailto:jdilbert@hotmail.com]
Sent: Thursday, March 28, 2002 1:48 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Firewall source-port
If we want to allow only the telnet out from a Juniper router,
do we configure
1)"from source-port 23 then accept" or
2)"from destination-port 23 then accept"?
Let's ignore tcp-established and "from protocol" and other
matching conditions here. In this case the router is acting
as a telnet client and should choose a port greater than
1023 (or do they not) and thus choice 2 seems right to me
but most online docs say it's 1. Correct me if I am wrong.
Thanks.
Regards,
confused
_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:40 EDT