Policy Framework Configuration Guide - Juniper Networks

Junos 10.4 Policy Framework Configuration Guide
Firewall Filter Examples
The following examples illustrate how to define firewall filters:
• Example: Blocking Telnet and SSH Access on page 244
• Example: Blocking TFTP Access on page 245
• Example: Accepting DHCP Packets with Specific Addresses on page 245
• Example: Defining a Policer for a Destination Class on page 246
• Example: Counting IP Option Packets on page 246
• Example: Accepting OSPF Packets from Certain Addresses on page 248
• Example: Matching Packets Based on Two Unrelated Criteria on page 248
• Example: Counting Both Accepted and Rejected Packets on page 249
• Example: Blocking TCP Connections to a Certain Port Except from BGP Peers on
page 250
• Example: Accepting Packets with Specific IPv6 TCP Flags on page 250
• Example: Setting a Rate Limit for Incoming Layer 2 Control Packets on page 251
Example: Blocking Telnet and SSH Access
Block telnet and SSH access to all but the 192.168.1.0/24 subnet. This filter also logs any
SSH or telnet traffic attempts from other subnets to the firewall log buffer:
[edit]
firewall {
family inet {
filter local-access-control {
term terminal-access {
from {
address {
192.168.1.0/24;
}
protocol tcp;
port [ssh telnet];
}
then accept;
}
term terminal-access-denied {
from {
protocol tcp;
port [ssh telnet];
}
then {
log;
reject;
}
}
244
Copyright © 2010, Juniper Networks, Inc.