[j-nsp] filter DNS Recursive MX5 Juniper

Michael Loftis mloftis at wgops.com
Sun May 29 21:02:44 EDT 2016


You're dropping all outside udp return traffic to y.y.y.1 - unless that
host uses an entirely different address for its recursion.

On Sunday, May 29, 2016, <cleber at s4networks.com.br> wrote:

> Dear all, good evening,
>
> How do I configure a recursive DNS filter on my MX5 Juniper?
>
> IP DNS: Y.Y.Y.1
> authorized network: 10.0.0.0/8
>
> Below is the configuration, but it does not work.
>
>
> set firewall family inet filter FILTER-DNS term 1 from source-address 10.0.0.0/8
> set firewall family inet filter FILTER-DNS term 1 from destination-address Y.Y.Y.1
> set firewall family inet filter FILTER-DNS term 1 from destination-port 53
> set firewall family inet filter FILTER-DNS term 1 from protocol udp
> set firewall family inet filter FILTER-DNS term 1 from protocol tcp
> set firewall family inet filter FILTER-DNS term 1 then accept
>
> set firewall family inet filter FILTER-DNS term 10 from tcp-established
> set firewall family inet filter FILTER-DNS term 10 from destination-address Y.Y.Y.1
> set firewall family inet filter FILTER-DNS term 10 then accept
>
> set firewall family inet filter FILTER-DNS term 40 from destination-address Y.Y.Y.1
> set firewall family inet filter FILTER-DNS term 40 then discard
>
> set firewall family inet filter FILTER-DNS term 50 then accept
>
> (Translated with Google Translate.)
>
> Thank you for your attention.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


-- 

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
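A filter built around the point Michael makes above, added here as an editorial example rather than anything posted in the thread. It assumes Y.Y.Y.1 is both the address the recursor listens on and the source address of its own upstream queries, and that it only serves port 53; the term names, the DNS-DROPPED counter and the ge-0/0/0 interface are illustrative. The original term 40 discarded every UDP packet to Y.Y.Y.1 that was not a client query from 10.0.0.0/8, which includes the answers coming back from authoritative servers, so the recursor could send queries but never receive replies; the UPSTREAM-REPLIES and UPSTREAM-FRAGMENTS terms below are the missing piece. The original term 50 also landed in a filter called FILTRO-DNS, so FILTER-DNS itself ended in the implicit discard.

```junos
/* Added example, not from the thread. Assumes Y.Y.Y.1 is both the listening
   address and the source of the recursor's upstream queries; term, counter
   and interface names are illustrative. Load with "load merge terminal". */
firewall {
    family inet {
        filter FILTER-DNS {
            /* Queries from the authorised network, UDP and TCP. */
            term CLIENT-QUERIES {
                from {
                    source-address {
                        10.0.0.0/8;
                    }
                    destination-address {
                        Y.Y.Y.1/32;
                    }
                    protocol [ udp tcp ];
                    destination-port 53;
                }
                then accept;
            }
            /* Answers from authoritative servers to the recursor's own
               queries. The filter keeps no UDP state, so the only handle is
               "source port 53 towards Y.Y.Y.1"; the original term 40 was
               discarding exactly this traffic. */
            term UPSTREAM-REPLIES {
                from {
                    destination-address {
                        Y.Y.Y.1/32;
                    }
                    protocol udp;
                    source-port 53;
                }
                then accept;
            }
            /* Trailing fragments of large EDNS0 answers carry no UDP header,
               so a port match never sees them; is-fragment matches only
               non-first fragments. */
            term UPSTREAM-FRAGMENTS {
                from {
                    destination-address {
                        Y.Y.Y.1/32;
                    }
                    is-fragment;
                }
                then accept;
            }
            /* TCP packets with ACK or RST set: replies to connections the
               recursor opened, not new inbound connections. */
            term TCP-ESTABLISHED {
                from {
                    destination-address {
                        Y.Y.Y.1/32;
                    }
                    protocol tcp;
                    tcp-established;
                }
                then accept;
            }
            /* Everything else aimed at the recursor is counted and dropped. */
            term DROP-TO-RECURSOR {
                from {
                    destination-address {
                        Y.Y.Y.1/32;
                    }
                }
                then {
                    count DNS-DROPPED;
                    discard;
                }
            }
            /* Transit traffic is unaffected; without this term the filter's
               implicit final discard would drop it. */
            term ALLOW-REST {
                then accept;
            }
        }
    }
}
interfaces {
    /* Interface name assumed; apply inbound on the upstream-facing port. */
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input FILTER-DNS;
                }
            }
        }
    }
}
```

Two caveats a practitioner should keep in mind. First, the UPSTREAM-REPLIES term is a stateless match on a source port, and anyone can set source port 53 on a packet, so this filter only stops casual open-resolver abuse; the authoritative control is the resolver's own recursion ACL (for example allow-recursion in BIND), with the router filter as a second layer. Second, as Michael hints, giving the recursor a separate address for its outbound queries lets you drop everything inbound to the listening address except the authorised network, with no source-port term at all. After committing, `show firewall filter FILTER-DNS` shows the DNS-DROPPED counter, which is the quickest way to confirm whether legitimate replies are still being discarded.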

