Firewall Filter Lab
Firewall Filter Lab
ssh
from]
root@SRX1# set from source-address 192.168.1.0/24
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# set from protocol tcp
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# set from destination-port 22
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# set then accept
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# show
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# up
[edit firewall filter allow-ssh]
root@SRX1# edit term untrusted-ssh-deny
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# set from protocol tcp destination-port ssh
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# set then discard
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# show
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# up
[edit firewall filter allow-ssh]
root@SRX1# edit term accept-all-other
[edit firewall filter allow-ssh term accept-all-other]
root@SRX1# set then accept
[edit firewall filter allow-ssh term accept-all-other]
root@SRX1# up
[edit firewall filter allow-ssh]
root@SRX1# show
term allow-ssh-from {
    from {
        source-address {
            192.168.1.0/24
        }
        protocol tcp;
        destination-port ssh;
    }
    then accept;
}
term untrusted-ssh-deny {
    from {
        protocol tcp;
        destination-port ssh;
    }
    then {
        discard;
    }
}
}
term accept-all-other {
    then accept;
}
[edit firewall filter ssh-allow]
juniper@br# top edit interfaces
[edit interfaces]
juniper@br# edit lo0
[edit interfaces lo0]
juniper@br#