[j-nsp] SSH Filter
Brendan Mannella
bmannella at teraswitch.com
Fri May 22 10:14:53 EDT 2009
All, I know this has been covered a million times, but I just wanted to check with the list to see if this is the best/recommended way to restrict SSH access to an EX switch. I did Google this, but noticed people doing it different ways.
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.1/32
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.2/32
set firewall family inet filter RE_FILTER term SSH from protocol tcp
set firewall family inet filter RE_FILTER term SSH from destination-port 22
set firewall family inet filter RE_FILTER term SSH then accept
set firewall family inet filter RE_FILTER term SSH_BLOCK from protocol tcp
set firewall family inet filter RE_FILTER term SSH_BLOCK from destination-port 22
set firewall family inet filter RE_FILTER term SSH_BLOCK then discard
set firewall family inet filter RE_FILTER term everything-else then accept
set interfaces lo0 unit 0 family inet filter input RE_FILTER
Please advise.
Thanks,
Brendan Mannella
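
An added example, not part of the original post: a simplified Python model of first-match filter evaluation, run over the posted terms to check that only the two listed sources reach TCP/22 while other traffic to the routing engine is still accepted. The helper names are hypothetical, the parser handles only the match conditions used in this filter, and the 192.0.2.50 test source is constructed.

```python
import ipaddress

# Firewall terms copied from the post (the lo0 binding line is not needed here).
CONFIG = """\
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.1/32
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.2/32
set firewall family inet filter RE_FILTER term SSH from protocol tcp
set firewall family inet filter RE_FILTER term SSH from destination-port 22
set firewall family inet filter RE_FILTER term SSH then accept
set firewall family inet filter RE_FILTER term SSH_BLOCK from protocol tcp
set firewall family inet filter RE_FILTER term SSH_BLOCK from destination-port 22
set firewall family inet filter RE_FILTER term SSH_BLOCK then discard
set firewall family inet filter RE_FILTER term everything-else then accept
"""

def parse_terms(config, name="RE_FILTER"):
    """Parse 'set' lines into an ordered dict: term -> {'from': {...}, 'then': action}."""
    terms = {}  # dict keeps insertion order, which is the term evaluation order
    prefix = f"set firewall family inet filter {name} term "
    for line in config.splitlines():
        if not line.startswith(prefix):
            continue
        term, kind, *rest = line[len(prefix):].split()
        entry = terms.setdefault(term, {"from": {}, "then": None})
        if kind == "from":
            entry["from"].setdefault(rest[0], []).append(rest[1])
        elif kind == "then":
            entry["then"] = rest[0]
    return terms

def term_matches(term, src, pkt):
    """Values of one condition are ORed; different conditions are ANDed."""
    for cond, values in term["from"].items():
        if cond == "source-address":
            hit = any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
        else:  # 'protocol' and 'destination-port' are the only others used here
            hit = pkt[cond] in values
        if not hit:
            return False
    return True  # a term with no 'from' matches every packet

def evaluate(terms, src, proto, dport):
    """Return (term, action) of the first matching term; no match is an implicit discard."""
    pkt = {"protocol": proto, "destination-port": str(dport)}
    for name, term in terms.items():
        if term_matches(term, src, pkt):
            return name, term["then"]
    return None, "discard"

if __name__ == "__main__":
    for probe in [("10.0.0.2", "tcp", 22), ("192.0.2.50", "tcp", 22), ("192.0.2.50", "udp", 161)]:
        print(probe, "->", evaluate(parse_terms(CONFIG), *probe))
```

Deleting the final term from the parsed result shows why it matters: with no catch-all accept, every packet that is not permitted SSH falls through to the implicit discard.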