[j-nsp] IPv6 firewall
Clayton Fiske
clay@bloomcounty.org
Tue, 1 Oct 2002 09:14:57 -0700
On Tue, Oct 01, 2002 at 04:55:02PM +0900, Joseph wrote:
> You need to allow routing protocols to go through too when
> applying FW to lo0.
>
> On Tue, 1 Oct 2002 13:57:10 +0900 (JST)
> kura@iij.ad.jp wrote:
>
> kura> Hi everyone,
> kura>
> kura> I'm testing the IPv6 firewall function of JUNOS 5.4R2.4.
> kura> I configured a filter as below and applied it to lo0.0
> kura> to restrict clients accessible with telnet to the
> kura> Juniper box.
> kura>
> kura> firewall {
> kura>     family inet6 {
> kura>         filter restrict-clients {
> kura>             term 1 {
> kura>                 from {
> kura>                     source-address {
> kura>                         ::/0;
> kura>                         3ffe:507:200::/56 except; # example
> kura>                     }
> kura>                     destination-port telnet;
> kura>                 }
> kura>                 then {
> kura>                     log;
> kura>                     reject;
> kura>                 }
> kura>             }
> kura>             term 2 {
> kura>                 then {
> kura>                     log;
> kura>                     accept;
> kura>                 }
> kura>             }
> kura>         }
> kura>     }
> kura> }
As long as the routing protocols aren't using port 23, this filter
should pass them. Also, there would not be routes present in the
table if this were the case (I believe the original email stated
there were routes present).
-c
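
The term-by-term evaluation discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of the quoted restrict-clients filter, showing which term a packet to lo0 hits. The sample addresses and the helper names are constructed, the model ignores next-header matching, and it assumes the usual JUNOS rule that the longest matching prefix in a source-address list decides and an `except` entry means the term does not match.

```python
import ipaddress

# Model of the quoted filter; structure and names are constructed for illustration.
FILTER = [
    {"name": "1",
     # (prefix, is_except) pairs from the source-address block
     "source": [("::/0", False), ("3ffe:507:200::/56", True)],
     "dport": 23,          # destination-port telnet
     "action": "reject"},
    {"name": "2", "source": None, "dport": None, "action": "accept"},
]

def source_matches(entries, addr):
    """Longest matching prefix decides; an 'except' entry means no match."""
    if entries is None:           # no source-address condition: matches anything
        return True
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, is_except in entries:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, is_except)
    return best is not None and not best[1]

def evaluate(src, dport):
    """Return (term, action) for the first term whose conditions all match."""
    for term in FILTER:
        if not source_matches(term["source"], src):
            continue
        if term["dport"] is not None and term["dport"] != dport:
            continue
        return term["name"], term["action"]
    return None, "discard"        # implicit discard when no term matches

# Constructed sample packets addressed to the routing engine.
SAMPLES = [
    ("2001:db8::1", 23),          # telnet from outside the permitted /56
    ("3ffe:507:200:1::5", 23),    # telnet from inside the permitted /56
    ("2001:db8::1", 179),         # BGP session from a peer
]

if __name__ == "__main__":
    for src, dport in SAMPLES:
        print(src, dport, evaluate(src, dport))
```
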