[j-nsp] filter DNS Recursive MX5 Juniper

cleber at s4networks.com.br cleber at s4networks.com.br
Sun May 29 22:02:21 EDT 2016


The firewall blocks, yes, but I try to navigate an IP 10.10.10.x and the 
page does not open.

by google translator

thank you for attention.


On 2016-05-29 22:02, Michael Loftis wrote:
> You're dropping all outside udp return traffic to y.y.y.1 - unless
> that host uses an entirely different address for its recursion.
>
> On Sunday, May 29, 2016, <cleber at s4networks.com.br> wrote:
>
>> dear good night,
>>
>> how to configure DNS recursive filter in my MX5 Juniper?
>>
>> IP DNS: Y.Y.Y.1
>> authorized network: 10.0.0.0/8
>>
>> below is configuration, but does not work.
>>
>> set firewall family inet filter FILTER-DNS term 1 from source-address 10.0.0.0/8
>> set firewall family inet filter FILTER-DNS term 1 from destination-address Y.Y.Y.1
>> set firewall family inet filter FILTER-DNS term 1 from destination-port 53
>> set firewall family inet filter FILTER-DNS term 1 from protocol udp
>> set firewall family inet filter FILTER-DNS term 1 from protocol tcp
>> set firewall family inet filter FILTER-DNS term 1 then accept
>>
>> set firewall family inet filter FILTER-DNS term 10 from tcp-established
>> set firewall family inet filter FILTER-DNS term 10 from destination-address Y.Y.Y.1
>> set firewall family inet filter FILTER-DNS term 10 then accept
>>
>> set firewall family inet filter FILTER-DNS term 40 from destination-address Y.Y.Y.1
>> set firewall family inet filter FILTER-DNS term 40 then discard
>>
>> set firewall family inet filter FILTRO-DNS term 50 then accept
>>
>> by google translator.
>>
>> thank you for attention.
>
> --
>
> "Genius might be described as a supreme capacity for getting its possessors
> into trouble of all kinds."
> -- Samuel Butler
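Added example (not part of the original thread and not Juniper code): a small Python model of first-match term evaluation, run over the posted filter and an assumed correction, to show the point in the quoted reply that answers returning to the resolver are discarded. 192.0.2.1 stands in for Y.Y.Y.1, the sample packets and term 20 are constructed, and the model assumes the filter sees all four packets.

```python
from ipaddress import ip_address, ip_network

RESOLVER = "192.0.2.1"  # constructed stand-in for Y.Y.Y.1

def term(name, action, **match):
    return name, match, action

# Filter as posted; term 50 was entered under FILTRO-DNS, so it is not in FILTER-DNS.
POSTED = [
    term("1", "accept", src="10.0.0.0/8", dst=RESOLVER, proto={"udp", "tcp"}, dport=53),
    term("10", "accept", dst=RESOLVER, established=True),
    term("40", "discard", dst=RESOLVER),
]
# Assumed correction: term 20 (hypothetical) admits UDP answers from port 53,
# and the catch-all term 50 sits in the same filter.
FIXED = POSTED[:2] + [
    term("20", "accept", dst=RESOLVER, proto={"udp"}, sport=53),
    term("40", "discard", dst=RESOLVER),
    term("50", "accept"),
]

def matches(match, pkt):
    """All conditions in a term must hold; values of one condition are alternatives."""
    for key, want in match.items():
        if key in ("src", "dst"):
            if ip_address(pkt[key]) not in ip_network(want):
                return False
        elif key == "proto":
            if pkt["proto"] not in want:
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(terms, pkt):
    """First matching term decides; a packet matching no term is discarded."""
    for name, match, action in terms:
        if matches(match, pkt):
            return name, action
    return "implicit", "discard"

# Constructed sample packets (documentation address ranges)
PACKETS = {
    "client query": dict(src="10.10.10.5", dst=RESOLVER, proto="udp", sport=40000, dport=53),
    "answer to resolver": dict(src="198.51.100.53", dst=RESOLVER, proto="udp", sport=53, dport=33000),
    "outside query": dict(src="203.0.113.9", dst=RESOLVER, proto="udp", sport=40001, dport=53),
    "client web": dict(src="10.10.10.5", dst="198.51.100.80", proto="tcp", sport=40002, dport=80),
}

if __name__ == "__main__":
    for label, pkt in PACKETS.items():
        print(f"{label:20} posted={evaluate(POSTED, pkt)} fixed={evaluate(FIXED, pkt)}")
```

The source-port match in term 20 is stateless, so it admits any UDP packet from port 53 to the resolver, not only answers to queries the resolver sent.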


