[j-nsp] IPv6 firewall
Stephen Stuart
stuart@tech.org
Tue, 01 Oct 2002 01:34:15 -0700
> I'm testing IPv6 firewall function of JUNOS 5.4R2.4.
> I configured a filter as below and applied it to lo0.0
> to restrict clients accessible with telnet to the
> Juniper box.
>
> firewall {
>     family inet6 {
>         filter restrict-clients {
>             term 1 {
>                 from {
>                     source-address {
>                         ::/0;
>                         3ffe:507:200::/56 except; # example
>                     }
>                     destination-port telnet;
>                 }
This "from" specification should also specify that the protocol is
TCP; otherwise, it may be generating a match on packets that you do
not intend that it match (such as routing protocol packets).
Try:
    from {
        source-address {
            ::/0;
            3ffe:507:200::/56 except; # example
        }
        next-header tcp;
        destination-port telnet;
    }
or something like that.
Stephen
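
The check suggested in this reply can be applied across a whole configuration. The following is an added example, not part of the original message or of any Juniper tooling: a small Python lint that reports filter terms whose "from" block matches a port without also matching a protocol. It assumes one statement per line, as in "show configuration" output; the sample filters are constructed from the two "from" blocks in the thread, and the filter name restrict-clients-fixed is hypothetical.

```python
# Added example: flag filter terms that match a port but no protocol.
# Assumes one statement per line, as in "show configuration" output.
PORT_MATCHES = {"port", "source-port", "destination-port"}
PROTO_MATCHES = {"next-header", "payload-protocol", "protocol"}

# Constructed sample built from the two "from" blocks in the thread.
# The filter name "restrict-clients-fixed" is hypothetical.
SAMPLE = """
firewall {
    family inet6 {
        filter restrict-clients {
            term 1 {
                from {
                    source-address {
                        ::/0;
                        3ffe:507:200::/56 except; # example
                    }
                    destination-port telnet;
                }
            }
        }
        filter restrict-clients-fixed {
            term 1 {
                from {
                    next-header tcp;
                    destination-port telnet;
                }
            }
        }
    }
}
"""

def terms_missing_protocol(config):
    """Return [(filter, term)] whose `from` matches a port but no protocol."""
    stack, seen = [], {}          # open block names; match keywords per term
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif (line and len(stack) >= 3 and stack[-1] == "from"
              and stack[-2].startswith("term ") and stack[-3].startswith("filter ")):
            key = (stack[-3].split()[1], stack[-2].split()[1])
            seen.setdefault(key, set()).add(line.split()[0].rstrip(";"))
    return [k for k, kw in seen.items() if kw & PORT_MATCHES and not kw & PROTO_MATCHES]

if __name__ == "__main__":
    print(terms_missing_protocol(SAMPLE))
```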