[j-nsp] juniper-nsp Digest, Vol 55, Issue 33

Kanagaraj Krishna kanagaraj at aims.com.my
Wed Jun 27 13:50:43 EDT 2007


Hi,
   I've applied an input filter (hardening) to protect the routing engine of
an m7i by applying it on the loopback IP. Refer to the config below. The issue
is that we can't telnet to port 80 on any external IP from the box itself.
Obviously I've not allowed access to port 80 on my box in the input filter, but
why would it affect the outgoing telnet? I tried allowing port 80 access on
the input filter and after that the outgoing telnet works. Anyone facing the
same issue?

Regards,
Kana


    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-RE;
                }
                address xxx.xxx.xxx.xxx/32;
            }
        }
    }

firewall {
     filter protect-RE {
---config omitted----
         
         term telnet {
            from {
                protocol tcp;
                port telnet;
            }
            then {
                policer telnet-policer;
                accept;
            }
         }

---config omitted----
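
Added example, not part of the original post: a small Python model of stateless, first-match filter evaluation in the lo0 input direction, showing what happens to the reply segment of a connection the router itself opened to port 80. Only the `telnet` term comes from the config above; the `http` and `tcp-established` terms, the packets, and the assumption that the omitted terms do not match this traffic are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int
    flags: int

@dataclass(frozen=True)
class Term:
    name: str
    proto: str
    port: Optional[int] = None   # Junos "port": matches source OR destination port
    established: bool = False    # Junos "tcp-established": ACK or RST bit set

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.port is not None and self.port not in (p.sport, p.dport):
            return False
        return not self.established or bool(p.flags & (ACK | RST))

def evaluate(terms, pkt):
    """Stateless, first match wins; no match falls to the implicit discard."""
    for t in terms:
        if t.matches(pkt):
            return "accept:" + t.name
    return "discard"

# Constructed packets arriving at the routing engine (lo0 input direction).
REPLY = Packet("tcp", sport=80, dport=51000, flags=SYN | ACK)  # answer to the router's own SYN
PROBE = Packet("tcp", sport=40001, dport=80, flags=SYN)        # unsolicited SYN to the router

TELNET = Term("telnet", "tcp", port=23)                   # the term shown in the post
AS_POSTED = [TELNET]                                      # assumes omitted terms do not match
WITH_PORT_80 = [TELNET, Term("http", "tcp", port=80)]     # assumed form of the workaround
WITH_ESTABLISHED = [TELNET, Term("tcp-established", "tcp", established=True)]

if __name__ == "__main__":
    for label, f in [("as posted", AS_POSTED), ("port 80", WITH_PORT_80),
                     ("tcp-established", WITH_ESTABLISHED)]:
        print(f"{label:16} reply={evaluate(f, REPLY):22} probe={evaluate(f, PROBE)}")
```

In this model the `port 80` term also accepts the unsolicited SYN to the router's own port 80, while the flag-based term accepts only segments with ACK or RST set; it matches on flags and keeps no connection state.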

