[j-nsp] Cisco Filter

David Gethings davidg at pipex.net
Tue Dec 28 14:15:18 EST 2004


On Mon, 2004-12-27 at 10:53 +0000, David Gethings wrote:
> Here's the code:
This time here's the correct code! (I read the permit as a deny):

firewall {
  filter port135 {
    term permit {
      from {
        source-address {
          172.16.1.0/24;
        }
        destination-address {
          172.17.0.0/16;
        }
        protocol tcp;
        port 135;
      }
      then {
        accept;
      }
    }
    term default {
      then {
        accept;
      }
    }
  }
}

If you only want to allow port 135 between these networks then change
the default term from an accept to a discard.

-- 
Cheers

Dg
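
Added example, not part of the original post: a small Python model of first-match term evaluation for the port135 filter above, run over constructed packets. It shows that with the default term set to accept every packet passes, while with discard only TCP port 135 from 172.16.1.0/24 to 172.17.0.0/16 passes. The function names and sample packets are assumptions made for illustration.

```python
import ipaddress

# Model of the port135 filter from the post. Terms are evaluated in order and
# the first matching term decides; Junos "port" matches source OR destination.
def build_filter(default_action):
    return [
        {"name": "permit",
         "src": ipaddress.ip_network("172.16.1.0/24"),
         "dst": ipaddress.ip_network("172.17.0.0/16"),
         "protocol": "tcp", "port": 135, "action": "accept"},
        {"name": "default", "action": default_action},  # no "from": matches all
    ]

def term_matches(term, pkt):
    if "src" in term and ipaddress.ip_address(pkt["src"]) not in term["src"]:
        return False
    if "dst" in term and ipaddress.ip_address(pkt["dst"]) not in term["dst"]:
        return False
    if "protocol" in term and pkt["protocol"] != term["protocol"]:
        return False
    if "port" in term and term["port"] not in (pkt["sport"], pkt["dport"]):
        return False
    return True

def evaluate(terms, pkt):
    """Return (term name, action) of the first matching term."""
    for term in terms:
        if term_matches(term, pkt):
            return term["name"], term["action"]
    return None, "discard"  # implicit discard when no term matches

# Constructed sample packets (hypothetical hosts inside the post's prefixes).
PACKETS = {
    "rpc": {"src": "172.16.1.10", "dst": "172.17.5.20",
            "protocol": "tcp", "sport": 49152, "dport": 135},
    "smb": {"src": "172.16.1.10", "dst": "172.17.5.20",
            "protocol": "tcp", "sport": 49153, "dport": 445},
    "other_src": {"src": "172.16.2.10", "dst": "172.17.5.20",
                  "protocol": "tcp", "sport": 49154, "dport": 135},
    "udp135": {"src": "172.16.1.10", "dst": "172.17.5.20",
               "protocol": "udp", "sport": 49155, "dport": 135},
}

def verdicts(default_action):
    terms = build_filter(default_action)
    return {name: evaluate(terms, p)[1] for name, p in PACKETS.items()}

if __name__ == "__main__":
    for action in ("accept", "discard"):
        print(f"default term = {action}: {verdicts(action)}")
```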


