[j-nsp] Port list?
Eric Van Tol
eric at atlantech.net
Wed Oct 6 14:12:49 EDT 2004
This could be accomplished by using groups, correct?
groups {
    /* Wildcard filter/term names let any term inherit this match via apply-groups */
    tcp-port-list {
        firewall {
            filter <*> {
                term <*> {
                    from {
                        protocol tcp;
                        destination-port [ 21 25 445 666 ];
                    }
                }
            }
        }
    }
}
firewall {
    filter block-traffic {
        term block-tcp {
            /* Pull the shared TCP port list into this term */
            apply-groups tcp-port-list;
            then discard;
        }
    }
}
-evt
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Eli Dart
Sent: Wednesday, October 06, 2004 1:37 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Port list?
Does anyone know of a way to define a list of ports in Juniper policy?
For a border router, it would be nice to do something like the
following:
firewall {
    filter inbound {
        term block-bad-tcp-ports {
            from {
                protocol tcp;
                destination-port-list BAD-TCP;
            }
            then discard;
        }
    }
}
This allows the maintenance of a list of ports without touching the
firewall filter. It also avoids the problem of keeping multiple
instances of a port list in sync.
Juniper folks, are there any plans to implement such a thing?
--eli