> Now I am working on setup a M40 as a broader router, at the up-stream
> interface, I want to setup a firewall filter. Does anyone have experience
> in setup a similar thing? I have configured same thing on Cisco product
> but this is the first time to use Juniper router. I hope that you all can
> share some experience to me.

junipers have more sophisticated policy/filtering tools than ciscos, but
they take a bit of understanding. hit the docs. but here's a sample

/* Filter routes on accepted boundary to peers. */
policy-statement peerout-boundary {
    term drop-bogons {
        from {
            /* filter >/24 */
            route-filter 0/0 upto /24 next policy;
        }
        then reject;
    }
    then reject;
}
/* Filter some bogon routes. */
policy-statement bogon {
    term drop-bogons {
        from {
            /* Default */
            route-filter 0/0 exact reject;
            /* Prefix is 0, any mask. */
            route-filter 0/8 orlonger reject;
            /* 0/*
               May also want to reject ?/[0-6]
            */
            /* BUG BUG - 0/0 == everything - heas 000205
            route-filter 0/0 through 0.0.0.0/32 reject; */
            /* Loopback */
            route-filter 127/8 orlonger reject;
            /* Private */
            route-filter 10/8 orlonger reject;
            route-filter 172.16/12 orlonger reject;
            route-filter 192.168/16 orlonger reject;
            /* Link local */
            route-filter 169.254/16 orlonger reject;
            /* 1st and last B/C */
            route-filter 128.0/16 orlonger reject;
            route-filter 191.255/16 orlonger reject;
            route-filter 192.0.0/24 orlonger reject;
            route-filter 223.255.255/24 orlonger reject;
            /* Test */
            route-filter 192.0.2/24 orlonger reject;
            /* Multicast & higher */
            route-filter 224/3 orlonger reject;
        }
        then reject;
    }
}

randy
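
Added example, not part of the original post or of any Juniper tooling: a small Python model of the `exact`, `orlonger` and `upto` match types used in the two policies above, so a candidate prefix can be checked against the list before the filter is committed. The function names are hypothetical, the sample routes are constructed, and it assumes a route is rejected by the bogon term as soon as any one of its route-filters matches.

```python
import ipaddress

# Route-filters from the "bogon" policy above, prefixes written out in full.
BOGON_FILTERS = [
    ("0.0.0.0/0", "exact"),
    ("0.0.0.0/8", "orlonger"),
    ("127.0.0.0/8", "orlonger"),
    ("10.0.0.0/8", "orlonger"),
    ("172.16.0.0/12", "orlonger"),
    ("192.168.0.0/16", "orlonger"),
    ("169.254.0.0/16", "orlonger"),
    ("128.0.0.0/16", "orlonger"),
    ("191.255.0.0/16", "orlonger"),
    ("192.0.0.0/24", "orlonger"),
    ("223.255.255.0/24", "orlonger"),
    ("192.0.2.0/24", "orlonger"),
    ("224.0.0.0/3", "orlonger"),
]

def filter_matches(route, prefix, match_type, upto=None):
    """Return True if `route` satisfies one route-filter (hypothetical helper)."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if match_type == "exact":          # same address bits and same length
        return route == prefix
    if not route.subnet_of(prefix):    # route must sit inside the filter prefix
        return False
    if match_type == "orlonger":       # the prefix itself or anything more specific
        return True
    if match_type == "upto":           # more specific, but no longer than /upto
        return route.prefixlen <= upto
    raise ValueError(f"unsupported match type: {match_type}")

def bogon_rejects(route):
    # Assumption: any matching filter rejects, since every filter says "reject".
    return any(filter_matches(route, p, m) for p, m in BOGON_FILTERS)

def boundary_accepts(route):
    # "route-filter 0/0 upto /24 next policy"; longer prefixes hit "then reject".
    return filter_matches(route, "0.0.0.0/0", "upto", upto=24)

if __name__ == "__main__":
    # Constructed sample routes, not taken from any real routing table.
    for r in ("0.0.0.0/0", "172.20.0.0/16", "198.51.100.0/24", "198.51.100.128/25"):
        print(f"{r:20} bogon={bogon_rejects(r)!s:5} boundary_ok={boundary_accepts(r)}")
```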