[j-nsp] BCP for filtering management access, system-wide
Vincent Bernat
bernat at luffy.cx
Mon Jul 25 17:29:15 EDT 2016
❦ 25 juillet 2016 22:55 CEST, Jason Lixfeld <jason-jnsp at lixfeld.ca> :
> Previously, I tried to apply filters to various lo0 units, thinking
> those were the only interface to the RE, but that didn’t seem to help
> for cases where the IPs were applied to interfaces other than lo0
> units. And I haven’t been able to find a way to apply a filter or
> client list specifically to the ssh service itself like you can with
> snmp, for example.
Your filters to lo0 should be enough to secure the RE. What is your
platform? There is this "Day One" book that gives some tips on the
subject:
http://www.juniper.net/us/en/training/jnbooks/day-one/fundamentals-series/securing-routing-engine/
--
Terminate input by end-of-file or marker, not by count.
- The Elements of Programming Style (Kernighan & Plauger)
More information about the juniper-nsp
mailing list