[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?
John Kristoff
jtk at depaul.edu
Fri Jul 13 08:50:38 EDT 2018
On Wed, 11 Jul 2018 18:22:36 +0000
Chris Boyd <cboyd at gizmopartners.com> wrote:
> Team Cymru has a “JunOS Secure Template” that I found a good place to start. It quotes version 4 though. I think that means it’s well tested?
>
> http://www.cymru.com/gillsr/documents/junos-template.pdf
That document is old and should be considered unreliable. I'm speaking
with some authority since I contributed major parts to it, including
the now bad advice of UDP rate rate limits (their demise hastened with
the rise of QUIC/SPDY years ago).
I've been redoing a slew of JUNOS configuration standards and am
documenting them as I go. I've not finalized new loopback filters yet,
but you might be interested in others and keeping an eye on this repo.
Loopback filters will soon appear within a few weeks.
<https://github.com/jtkristoff/junos>
John
More information about the juniper-nsp
mailing list