[j-nsp] SSH access and not working firewall policy
Robert Hass
robhass at gmail.com
Mon Aug 13 03:29:43 EDT 2012
On Sun, Aug 12, 2012 at 10:46 PM, Alex Arseniev <alex.arseniev at gmail.com> wrote:
> Try this:
>
> from {
> source-prefix-list { ### <=== must be source
[...]
>
> "prefix-list" checks if either dst.IP or src.IP of incoming packet matches.
> If your box's interface IP is in MGMT prefix-list, then every SSH brute force
> attempt is a match since it most likely targets your interface IP.
Hi Alex
Thanks. This was it!
Now the ACL works perfectly.
Rob
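
The match semantics Alex describes, modelled as an added example (not part of the original thread and not Juniper code). The addresses are constructed documentation ranges, the function names are hypothetical, and the accept-on-match/discard-otherwise filter is an assumption, since the thread elides the actual configuration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation ranges), not taken from the thread.
MGMT = [ip_network("192.0.2.0/24")]        # prefix-list MGMT; covers the router's own IP
ROUTER_IP = ip_address("192.0.2.1")        # interface IP that falls inside MGMT
OTHER_IF = ip_address("198.51.100.1")      # interface IP that does not
ADMIN_IP = ip_address("192.0.2.50")        # legitimate management host
OUTSIDE_IP = ip_address("203.0.113.77")    # unrelated outside source

def in_list(addr, prefixes):
    """True if addr falls inside any prefix of the list."""
    return any(addr in net for net in prefixes)

def term_matches(kind, src, dst, prefixes):
    """Address condition of a filter term.

    "prefix-list":        matches if source OR destination is in the list
    "source-prefix-list": matches only if the source is in the list
    """
    if kind == "prefix-list":
        return in_list(src, prefixes) or in_list(dst, prefixes)
    if kind == "source-prefix-list":
        return in_list(src, prefixes)
    raise ValueError(f"unknown match condition: {kind}")

def ssh_verdict(kind, src, dst, prefixes=MGMT):
    """Assumed filter: accept SSH when the address term matches, else discard."""
    return "accept" if term_matches(kind, src, dst, prefixes) else "discard"

def overbroad_interfaces(prefixes, interface_ips):
    """Audit helper: local IPs that make a "prefix-list" term match any source."""
    return [ip for ip in interface_ips if in_list(ip, prefixes)]

if __name__ == "__main__":
    for kind in ("prefix-list", "source-prefix-list"):
        print(f"{kind:20} outside -> router:", ssh_verdict(kind, OUTSIDE_IP, ROUTER_IP))
        print(f"{kind:20} admin   -> router:", ssh_verdict(kind, ADMIN_IP, ROUTER_IP))
    print("interfaces inside MGMT:", overbroad_interfaces(MGMT, [ROUTER_IP, OTHER_IF]))
```
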