[j-nsp] EX4200-24f lo0 filter

Richard A Steenbergen ras at e-gerbil.net
Fri Jan 29 04:41:34 EST 2010


On Fri, Jan 29, 2010 at 09:04:36AM +0100, Sven Juergensen (KielNET) wrote:
> Hi list,
> 
> according to http://bit.ly/9Xn1u9 loopback
> filters on EX switches are supported since
> 9.2R1. My box is running 9.5R3.7 and configuring
> something at the [edit firewall]
> context, ends me up with

In the early versions of EX code (9.2) the loopback filters were totally
non-functional, leaving the box exposed to even simple things like ssh
access to the device (guess they never added tcp wrappers to junos
because the assumption was firewalling would take care of it :P). 
They've been slowly adding more features with each new version of code,
and the last time I looked (9.6, though I think 10.0 is the same thing)
you could finally do lo0 filtering, but you couldn't police, log,
sample, count, etc. I think there are a lot more missing firewall
features on the roadmap for 10.1/10.2 though, so you might want to keep
an eye out for those. IMHO the current EX loopback firewall
functionality is not currently sufficient for real use (policers are
kinda important :P).

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
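As an added illustration (not from the list post or from Juniper), below is the shape of a minimal lo0 input filter of the kind the post discusses: it restricts SSH to a constructed management prefix (192.0.2.0/24, a documentation range) and otherwise accepts traffic. It deliberately uses only accept/discard actions, since the post says count, log, and policer actions were not yet supported on the EX lo0 filter in the 9.x/10.0 code discussed.

```junos
firewall {
    family inet {
        filter protect-re {
            /* SSH only from the constructed management prefix */
            term allow-ssh-mgmt {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* Drop SSH from anywhere else; no count/log here, since the
               post reports those actions did not work on EX lo0 filters */
            term deny-ssh {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then discard;
            }
            /* Everything else (routing protocols, SNMP, etc.) is accepted
               in this example; tighten further as required */
            term allow-rest {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

Verify the filter is actually enforced on the platform (for example by testing SSH from a non-management source after commit), since the post notes that early EX releases accepted the configuration without applying it.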

