[j-nsp] SSH Filter

Brendan Mannella bmannella at teraswitch.com
Fri May 22 10:14:53 EDT 2009



All, I know this has been covered a million times, but I just wanted to check with the list to see if this is the best/recommended way to restrict SSH access to an EX switch. I did google this, but noticed people doing it different ways.





set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.1/32
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.2/32
set firewall family inet filter RE_FILTER term SSH from protocol tcp
set firewall family inet filter RE_FILTER term SSH from destination-port 22
set firewall family inet filter RE_FILTER term SSH then accept
set firewall family inet filter RE_FILTER term SSH_BLOCK from protocol tcp
set firewall family inet filter RE_FILTER term SSH_BLOCK from destination-port 22
set firewall family inet filter RE_FILTER term SSH_BLOCK then discard
set firewall family inet filter RE_FILTER term everything-else then accept
set interfaces lo0 unit 0 family inet filter input RE_FILTER





Please advise.



Thanks, 



Brendan Mannella 
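
Added example, not part of the original post and not Juniper code: a small Python model of Junos term evaluation (values of one match condition are ORed, conditions within a term are ANDed, the first matching term decides) that parses the filter as posted and reports which term handles a given packet. It models only the three match conditions used in this filter, and the packet dictionaries are constructed test input.

```python
import ipaddress

# The RE_FILTER terms exactly as posted in the message above.
CONFIG = """\
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.1/32
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.2/32
set firewall family inet filter RE_FILTER term SSH from protocol tcp
set firewall family inet filter RE_FILTER term SSH from destination-port 22
set firewall family inet filter RE_FILTER term SSH then accept
set firewall family inet filter RE_FILTER term SSH_BLOCK from protocol tcp
set firewall family inet filter RE_FILTER term SSH_BLOCK from destination-port 22
set firewall family inet filter RE_FILTER term SSH_BLOCK then discard
set firewall family inet filter RE_FILTER term everything-else then accept
"""

def parse_filter(config, name):
    """Return {term: {"from": {condition: [values]}, "then": action}} in term order."""
    terms, prefix = {}, f"set firewall family inet filter {name} term "
    for line in map(str.strip, config.splitlines()):
        if not line.startswith(prefix):
            continue
        term, kind, *rest = line[len(prefix):].split()
        entry = terms.setdefault(term, {"from": {}, "then": None})
        if kind == "from":
            entry["from"].setdefault(rest[0], []).append(rest[1])
        elif kind == "then":
            entry["then"] = rest[0]
    return terms

def matches(cond, values, pkt):
    """Values of one condition are ORed; only the conditions used above are modelled."""
    if cond == "source-address":
        src = ipaddress.ip_address(pkt["src"])
        return any(src in ipaddress.ip_network(v) for v in values)
    if cond == "protocol":
        return pkt["proto"] in values
    if cond == "destination-port":
        return str(pkt.get("dport")) in values
    raise ValueError(f"unsupported match condition: {cond}")

def evaluate(terms, pkt):
    """Conditions in a term are ANDed; the first matching term decides the action."""
    for name, term in terms.items():
        if all(matches(c, v, pkt) for c, v in term["from"].items()):
            return name, term["then"]
    return "(no term)", "discard"  # implicit discard when nothing matches

TERMS = parse_filter(CONFIG, "RE_FILTER")
print(evaluate(TERMS, {"src": "192.0.2.50", "proto": "tcp", "dport": 22}))  # constructed packet
```

Running the same packets against a filter with the final everything-else term removed shows every non-SSH packet falling through to the implicit discard.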


