[j-nsp] filter DNS Recursive MX5 Juniper
cleber at s4networks.com.br
Sun May 29 22:02:21 EDT 2016
The firewall blocks, yes, but I try to navigate to an IP 10.10.10.x and the
page does not open.
By Google Translator.
Thank you for your attention.
On 2016-05-29 22:02, Michael Loftis wrote:
> You're dropping all outside udp return traffic to y.y.y.1 - unless
> that host uses an entirely different address for its recursion.
>
> On Sunday, May 29, 2016, <cleber at s4networks.com.br> wrote:
>
>> Dear good night,
>>
>> How do I configure a DNS recursive filter in my MX5 Juniper?
>>
>> IP DNS: Y.Y.Y.1
>> authorized network: 10.0.0.0/8
>>
>> Below is the configuration, but it does not work.
>>
>> set firewall family inet filter FILTER-DNS term 1 from source-address 10.0.0.0/8
>> set firewall family inet filter FILTER-DNS term 1 from destination-address Y.Y.Y.1
>> set firewall family inet filter FILTER-DNS term 1 from destination-port 53
>> set firewall family inet filter FILTER-DNS term 1 from protocol udp
>> set firewall family inet filter FILTER-DNS term 1 from protocol tcp
>> set firewall family inet filter FILTER-DNS term 1 then accept
>>
>> set firewall family inet filter FILTER-DNS term 10 from tcp-established
>> set firewall family inet filter FILTER-DNS term 10 from destination-address Y.Y.Y.1
>> set firewall family inet filter FILTER-DNS term 10 then accept
>>
>> set firewall family inet filter FILTER-DNS term 40 from destination-address Y.Y.Y.1
>> set firewall family inet filter FILTER-DNS term 40 then discard
>>
>> set firewall family inet filter FILTRO-DNS term 50 then accept
>>
>> By Google Translator.
>>
>> Thank you for your attention.
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> --
>
> "Genius might be described as a supreme capacity for getting its
> possessors
> into trouble of all kinds."
> -- Samuel Butler
>
>
>
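
An added example, not part of the thread and not any poster's code: a small Python model of stateless first-match evaluation over the quoted FILTER-DNS terms, showing why an upstream UDP answer addressed to the resolver falls through to term 40, as the quoted reply points out. Assumptions: 192.0.2.1 stands in for Y.Y.Y.1, the packets are constructed, the filter is evaluated on traffic toward the resolver, and term 50 (posted under the name FILTRO-DNS) is treated as part of the same filter.

```python
from ipaddress import ip_address, ip_network

DNS = "192.0.2.1"  # constructed stand-in for the resolver address Y.Y.Y.1

# One entry per posted term: (name, match conditions, action).
# Conditions within a term are ANDed; values listed for one condition are ORed.
FILTER_DNS = [
    ("1", {"src": "10.0.0.0/8", "dst": DNS, "dport": 53,
           "proto": {"udp", "tcp"}}, "accept"),
    ("10", {"tcp_established": True, "dst": DNS}, "accept"),
    ("40", {"dst": DNS}, "discard"),
    # Assumption: term 50 was posted as FILTRO-DNS; modeled here in this filter.
    ("50", {}, "accept"),
]

def matches(cond, pkt):
    if "src" in cond and ip_address(pkt["src"]) not in ip_network(cond["src"]):
        return False
    if "dst" in cond and pkt["dst"] != cond["dst"]:
        return False
    if "dport" in cond and pkt["dport"] != cond["dport"]:
        return False
    if "proto" in cond and pkt["proto"] not in cond["proto"]:
        return False
    # Simplification: tcp-established modeled as a TCP segment with ACK or RST.
    if cond.get("tcp_established") and not (
            pkt["proto"] == "tcp" and pkt.get("flags", set()) & {"ack", "rst"}):
        return False
    return True

def evaluate(pkt, terms=FILTER_DNS):
    """Stateless first-match evaluation: return (term name, action)."""
    for name, cond, action in terms:
        if matches(cond, pkt):
            return name, action
    return "implicit", "discard"  # a filter ends with an implicit discard

# Constructed packets; 198.51.100.53 stands in for an outside DNS server.
CLIENT_QUERY = {"src": "10.10.10.5", "dst": DNS, "proto": "udp",
                "sport": 40000, "dport": 53}
UPSTREAM_UDP_REPLY = {"src": "198.51.100.53", "dst": DNS, "proto": "udp",
                      "sport": 53, "dport": 40001}
UPSTREAM_TCP_REPLY = {"src": "198.51.100.53", "dst": DNS, "proto": "tcp",
                      "sport": 53, "dport": 40002, "flags": {"ack"}}

if __name__ == "__main__":
    for label, pkt in [("client query", CLIENT_QUERY),
                       ("upstream UDP reply", UPSTREAM_UDP_REPLY),
                       ("upstream TCP reply", UPSTREAM_TCP_REPLY)]:
        print(label, "->", evaluate(pkt))
```

Only the TCP answer is saved by term 10; a stateless filter has no equivalent of tcp-established for UDP, so the UDP answer to the resolver's own outbound query never matches an accept term.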