[j-nsp] Firewall Filter logging

Khawaja, Kashif Kashif.Khawaja at broadwing.com
Fri Oct 8 17:06:44 EDT 2004


In that case, is there a convenient way to separate logs (into different
files perhaps) of multiple outbound firewall filters? 

-----Original Message-----
From: Harry Reynolds [mailto:harry at juniper.net] 
Sent: Friday, October 08, 2004 2:02 PM
To: Khawaja, Kashif; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] Firewall Filter logging


Firewall filters ID the incoming interface to assist with DDoS tracking.
AFAIK, there is no way to alter it so as to ID the egress interface in the
log. I guess we assume that you know the egress interface as you have
applied the filter there.


HTHs


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Khawaja, Kashif
> Sent: Friday, October 08, 2004 10:43 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Firewall Filter logging
> 
> Hi All:
> 
> Testing a filter and having a problem logging on it. Have a few
> small but rather important issues. 
> 
> 1. If I apply it ONLY outbound on an interface that all this
> traffic is exiting through, I do get logs, but the logs show 
> the interface the traffic is entering through, not the interface 
> the filter is applied (outbound) on. 
> 
> 2. Juniper's documentation for 6.2 says I should be able to
> see the port numbers along with the IP addresses in the 
> default (non-detailed) view.
> Is there a knob you have to tweak for the ports to show up in 
> the terse format? I do see the ports in the detailed view.
> 
> 
> 
> /* interface stanza (interface name not shown); the filter is applied outbound here */
> sonet-options {
>     fcs 32;
> }
> unit 0 {
>     family inet {
>         filter {
>             output jun62;
>         }
>         address 192.2.1.1/30;
>     }
> }
> 
> /* terms of the output filter, presumably jun62 from the interface stanza above */
> term one {
>     from {
>         address {
>             1.1.1.0/24;
>             2.4.5.0/255.255.255.0;
>             0.0.130.0/0.0.255.0;
>             0.0.0.0/192.224.240.248;
>             0.0.0.1/0.128.0.255;
>             192.252.192.0/192.252.224.0;
>         }
>         prefix-list {
>             FIREWALLIT;
>         }
>         dscp af33;
>         protocol tcp;
>         port 21;
>     }
>     then {
>         log;
>         discard;
>     }
> }
> term two {
>     from {
>         source-address {
>             240.252.10.11/248.252.255.255;
>         }
>         destination-address {
>             128.224.0.1/248.252.255.255;
>         }
>         source-prefix-list {
>             SFIREWALLIT;
>         }
>         destination-prefix-list {
>             DFIREWALLIT;
>         }
>         precedence-except immediate;
>         protocol [ udp rsvp ];
>         destination-port 123-130;
>     }
>     then {
>         log;
>         reject;
>     }
> }
> term 3 {
>     from {
>         protocol icmp;
>         icmp-type echo-request;
>         icmp-code redirect-for-tos-and-host;
>     }
>     then {
>         log;
>         sample;
>         next term;
>     }
> }
> term 4 {
>     then accept;
> }
> 
> Thanks
> -Kashif.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
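The thread turns on two things that are only visible in the configuration, not in the firewall log: which terms actually log (and whether a term that logs also terminates or falls through with `next term`), and where a filter is attached, since the log records the ingress interface even for an output filter. The script below is an added example, not code from the thread or from Juniper: a small recursive parser for the curly-brace Junos configuration format, plus two reports built from the parsed tree. The sample configuration is constructed from the posted terms (trimmed); the enclosing `interfaces`/`firewall` containers, the interface name `so-0/0/0` and the filter name `jun62` are assumptions (`jun62` is what the posted interface stanza applies as an output filter).

```python
"""Audit a Junos firewall filter: which terms log, and where the filter is attached.

Added example for this thread, not Juniper's code. A small recursive parser reads the
curly-brace Junos config; the reports flag terms that log or fall through (`next term`)
and list the interface/direction each filter is applied on, because the firewall log
records only the ingress interface and the egress side is visible only at the attachment.
"""
import re

# Tokens: /* */ and # comments, quoted strings, punctuation, bare words.
TOKEN_RE = re.compile(r'/\*.*?\*/|#[^\n]*|"[^"]*"|[{}\[\];]|[^\s{}\[\];]+', re.S)
TERMINATING = {"accept", "discard", "reject"}


def parse_junos(text):
    """Parse config text into nested (words, children) nodes: `protocol tcp;` ->
    (['protocol', 'tcp'], None), `term one {...}` -> (['term', 'one'], [children]).
    Bracketed lists are flattened into the words. Raises ValueError if unbalanced."""
    tokens = [t for t in TOKEN_RE.findall(text) if not t.startswith(("/*", "#"))]
    pos = 0

    def block(top):
        nonlocal pos
        nodes, words = [], []
        while pos < len(tokens):
            tok, pos = tokens[pos], pos + 1
            if tok == "}":
                if top or words:
                    raise ValueError("unexpected '}' near %r" % (words,))
                return nodes
            if tok in (";", "{"):  # ';' ends a leaf statement, '{' opens a child block
                nodes.append((words, None if tok == ";" else block(False)))
                words = []
            elif tok not in ("[", "]"):
                words.append(tok)
        if not top or words:
            raise ValueError("unbalanced braces or unterminated statement")
        return nodes

    return block(True)


def leaves(nodes, prefix=()):
    """Yield each leaf statement as its full path, e.g. (..., 'then', 'discard')."""
    for words, children in nodes:
        if children is None:
            yield prefix + tuple(words)
        else:
            yield from leaves(children, prefix + tuple(words))


def audit_terms(config):
    """Return {filter: {term: {matches, actions, logs, terminating, next_term}}}.
    A Junos term that matches with only non-terminating actions (log, count, sample)
    accepts the packet unless it says `next term`, so terminating=False together with
    next_term=False marks an implicit accept."""
    report = {}
    for p in leaves(parse_junos(config)):
        if "filter" not in p or "term" not in p:
            continue
        f, t = p.index("filter"), p.index("term")
        if len(p) < t + 4 or p[t + 2] not in ("from", "then"):
            continue
        term = report.setdefault(p[f + 1], {}).setdefault(p[t + 1], {"matches": [], "actions": []})
        term["matches" if p[t + 2] == "from" else "actions"].append(" ".join(p[t + 3:]))
    for term in (t for terms in report.values() for t in terms.values()):
        acts = term["actions"]
        term["logs"] = "log" in acts or "syslog" in acts
        term["terminating"] = any(a in TERMINATING for a in acts)
        term["next_term"] = "next term" in acts
    return report


def apply_points(config):
    """Return [(interface.unit, direction, filter)] for family inet input/output filters."""
    return [("%s.%s" % (p[1], p[3]), p[7], p[8])
            for p in leaves(parse_junos(config))
            if p[:1] == ("interfaces",) and len(p) == 9
            and p[4:7] == ("family", "inet", "filter") and p[7] in ("input", "output")]


# Constructed sample, not a production config: the filter terms are those posted in
# the thread (trimmed). The enclosing containers, the interface name so-0/0/0 and the
# filter name jun62 are assumptions (jun62 is what the posted stanza applies as output).
SAMPLE_CONFIG = """
interfaces { so-0/0/0 { unit 0 { family inet { filter { output jun62; } } } } }
firewall { family inet { filter jun62 {
    term one {
        from { address { 1.1.1.0/24; 2.4.5.0/255.255.255.0; } protocol tcp; port 21; }
        then { log; discard; }
    }
    term two {
        from { protocol [ udp rsvp ]; destination-port 123-130; }
        then { log; reject; }
    }
    term 3 {
        from { protocol icmp; icmp-type echo-request; }
        then { log; sample; next term; }
    }
    term 4 { then accept; }
} } }
"""

if __name__ == "__main__":
    print(apply_points(SAMPLE_CONFIG))
    print(audit_terms(SAMPLE_CONFIG)["jun62"])
```

Run against the constructed sample, `apply_points` reports the single attachment `so-0/0/0.0 output jun62`, which is the only record of the egress side, and `audit_terms` shows terms `one` and `two` logging and terminating, term `3` logging and falling through via `next term`, and term `4` accepting without logging. Feed it the output of `show configuration` on a box with several output filters and the same report tells you which attachment each logging term belongs to, something the log entries themselves, keyed on the ingress interface, do not.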



