[j-nsp] mitigating dos attack on Juniper M10i

Chris Kawchuk juniperdude at gmail.com
Tue Apr 5 19:03:15 EDT 2011

Previous message: [j-nsp] mitigating dos attack on Juniper M10i
Next message: [j-nsp] mitigating dos attack on Juniper M10i
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is firewall filter "SAMPLER" or "BLOCK-FROM-INTERNET" doing any type of "then accept" on the remainder traffic?

If so, an accept is a terminating action, and no other filters (even filter-chains) are evaluated; hence filter "all" is never called.

- Chris.

 
On 2011-04-06, at 7:32 AM, kwarteng wrote:

> SAMPLER BLOCK-FROM-INTERNET

Previous message: [j-nsp] mitigating dos attack on Juniper M10i
Next message: [j-nsp] mitigating dos attack on Juniper M10i
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the juniper-nsp mailing list