[j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)
Daniel Verlouw
daniel at shunoshu.net
Fri Apr 1 16:02:35 EDT 2016
Hi,
On Fri, Apr 1, 2016 at 9:52 PM, Aaron <aaron1 at gvtc.com> wrote:
> agould at eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0
> family inet]
> 'filter'
> Referenced filter 'local_acl' can not be used as default/physical
> interface specific with lo0 not supported on ingress loopback interface
> error: configuration check-out failed
ACX does not support lo0 filter presently, which sucks. Good news is
that it's on the roadmap for sometime this year I believe. No clue why
they left it out in the first place...
As an alternative, you can apply input filter either to all your L3
interfaces, or use a fwd table filter.
E.g. permit trusted src to your infra, deny non-trusted src to your
infra, permit everything else for transit.
Regards,
Daniel.
More information about the juniper-nsp
mailing list