[j-nsp] IPv6 firewall

kura@iij.ad.jp
Tue, 1 Oct 2002 13:57:10 +0900 (JST)


Hi everyone,

I'm testing IPv6 firewall function of JUNOS 5.4R2.4.
I configured a filter as below and applied it to lo0.0
to restrict clients accessible with telnet to the
Juniper box.

firewall {
    family inet6 {
        filter restrict-clients {
            term 1 {
                from {
                    source-address {
                        ::/0;
                        3ffe:507:200::/56 except;  # example
                    }
                    destination-port telnet;
                }
                then {
                    log;
                    reject;
                }
            }
            term 2 {
                then {
                    log;
                    accept;
                }
            }
        }
    }
}

This filter worked as I expected. But after I applied it,
the box stopped forwarding packets through it.
It forwarded packets correctly when forwarding with 'direct'
routes, but it didn't when forwarding with non-'direct'
routes, for example 'RIPng' routes.

According to the output of 'show route' the box had learned
routes to the destinations. And no 'Reject' entries related
to the un-forwarded packets appeared in the output of 'show
firewall log'.

Is my configuration, or my understanding of the function,
wrong? Would you please give me any suggestions if you have any?

Best regards,
-- 
Tomohiko Kurahashi <kura@iij.ad.jp>
Network Engineering Division, Technology Department
Internet Initiative Japan Inc.
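An added illustration (not part of the original post, and not Juniper's code) of how the posted 'restrict-clients' filter is expected to classify telnet traffic: terms are evaluated first-match, and within a source-address list the longest matching prefix decides, with a prefix flagged 'except' meaning "not matched by this term". The sample source addresses are constructed; the forwarding symptom described in the post is not modelled here.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Term:
    name: str
    # (prefix, is_except) pairs from the term's source-address list
    src_prefixes: List[Tuple[ipaddress.IPv6Network, bool]]
    dst_port: Optional[int]   # None when the term has no destination-port match
    action: str               # "accept" or "reject"

def source_matches(src: ipaddress.IPv6Address,
                   prefixes: List[Tuple[ipaddress.IPv6Network, bool]]) -> bool:
    """Longest-prefix match over the list; an 'except' prefix that is the
    longest match excludes the address from this term."""
    best = None
    for net, is_except in prefixes:
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, is_except)
    return best is not None and not best[1]

def evaluate(terms: List[Term], src: str, dst_port: Optional[int]):
    """Return (term name, action) for the first matching term.
    dst_port is None for packets without a transport header."""
    addr = ipaddress.IPv6Address(src)
    for term in terms:
        if term.src_prefixes and not source_matches(addr, term.src_prefixes):
            continue
        if term.dst_port is not None and dst_port != term.dst_port:
            continue
        return term.name, term.action
    return None, "discard"   # implicit discard at the end of a JUNOS filter

# The filter from the post: telnet (port 23) is rejected from everywhere
# except 3ffe:507:200::/56; everything else is accepted by term 2.
RESTRICT_CLIENTS = [
    Term("1", [(ipaddress.IPv6Network("::/0"), False),
               (ipaddress.IPv6Network("3ffe:507:200::/56"), True)], 23, "reject"),
    Term("2", [], None, "accept"),
]

if __name__ == "__main__":
    # Constructed sample packets: (source, destination port)
    for src, port in [("2001:db8::1", 23), ("3ffe:507:200:1::1", 23),
                      ("2001:db8::1", 80), ("fe80::1", None)]:
        print(src, port, "->", evaluate(RESTRICT_CLIENTS, src, port))
```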