Dear SwiNOGers

I'm new to JunOS. I like this OS so far, but I'm having a hard time securing this stuff...

Something's wrong in my JunOS filters...  Basically I want to block everyone from accessing the interface on the router itself, but I want to allow traffic to pass the interface. Somehow that doesn't work. See below the (relevant) configuration parts:

interfaces {
    xe-0/1/2 {
        description blabla;
        vlan-tagging;
        unit 100 {
            description Blabla;
            vlan-id 100;
            family inet {
                filter {
                    input INTERFACE-INCOMING;
                }
                address 192.168.1.1/24;
            }
        }
    }
}


policy-options {
    prefix-list MYINTERFACE {
        192.168.1.1/32;
    }
}

firewall {
    family inet {
        filter INTERFACE-INCOMING {
            term WAN-ADDRESS {
                from {
                    destination-prefix-list {
                        MYINTERFACE;
                    }
                }
                then {
                    discard;
                }
            }
            term ALLOW-ALL {
                then accept;
            }
        }
    }
}


Anybody with a hint why this filter doesn't actually block traffic to 192.168.1.1? I can still ping it.

Kind regards,

Viktor


