[j-nsp] Problem with firewall m-series
Tom Mayer
wellknown at gmx.net
Tue Jul 28 09:40:16 EDT 2009
Hi,
I just started with an M10 and am setting up some firewall rules.
I know that default deny and permitting each individual service seems
the best way to go. But my problem is the following filter:
term 1 {
    from {
        destination-address {
            192.168.100.0/23;
        }
        protocol-except tcp;
        destination-port-except 8935;
    }
    then {
        discard;
    }
}
term 2 {
    then accept;
}
On this link I want only TCP traffic on port 8935 allowed to subnet
192.168.100.0/23.
To all other subnets, any traffic should be allowed.
It seems that UDP traffic on port 8935 to subnet 192.168.100.0/23 is
allowed when this filter is applied.
Can anybody tell me the right syntax for: "traffic to 192.168.100.0/23,
only tcp on port 8935 allowed. everything else for this destination is
discarded. everything else on this link is allowed."
I am applying the filter on the downlink interface as output.
Thanks, Tom
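Editor's note, added to this archived post and not part of Tom's message: the behaviour he observed follows from how Junos evaluates a term. All match conditions inside a single `from` block are ANDed, so term 1 only discards a packet when BOTH `protocol-except tcp` AND `destination-port-except 8935` are true. A UDP datagram to port 8935 satisfies the first condition but not the second, so term 1 does not match and the packet falls through to term 2's `accept`. Two `-except` conditions cannot express "anything other than TCP/8935"; the usual idiom is a positive accept term for the one permitted flow, followed by a catch-all discard for that destination, followed by the accept for everything else. The filter and counter names below are assumptions chosen for illustration, not names from the original post; the `family inet` wrapper is shown so the fragment can be pasted as a complete stanza.

```junos
firewall {
    family inet {
        /* assumed filter name; any name works, apply it as "output" on the downlink */
        filter downlink-out {
            /* 1. the single permitted flow to the protected /23: TCP to port 8935 */
            term allow-tcp-8935-to-subnet {
                from {
                    destination-address {
                        192.168.100.0/23;
                    }
                    protocol tcp;
                    destination-port 8935;
                }
                then accept;
            }
            /* 2. everything else to that destination is dropped
               (UDP/8935, TCP on other ports, ICMP, ...) */
            term deny-rest-to-subnet {
                from {
                    destination-address {
                        192.168.100.0/23;
                    }
                }
                then {
                    count denied-to-subnet;   /* assumed counter name, for troubleshooting */
                    discard;
                }
            }
            /* 3. traffic to any other destination on this link is unaffected */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
```

Two practitioner notes. First, always pair `destination-port` with a `protocol` match as above: port matching is only meaningful for TCP and UDP, and a port condition without a protocol condition is evaluated against the same header offset in other protocols. Second, after committing, `show firewall filter downlink-out` will show the `denied-to-subnet` counter incrementing when you repeat the UDP/8935 test, which is a quick way to confirm the term ordering does what the three-sentence policy asks for.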