Hello,
I have applied a firewall filter which, by all appearances, looks to be correct. However, my desired effect has not been obtained.
My EX4200 is configured as a Layer 3 switch, with no routing (BGP, OSPF, etc.). If there is a way I can blackhole/null-route these IPs, that might work too.
I basically want to block all traffic from x.x.x.x/32 to vlanX, really simple stuff...
root@dal1-core1# show firewall
/* Filter "broncos" under family ethernet-switching: discard packets from the listed source hosts, accept everything else. */
family ethernet-switching {
filter broncos {
/* Despite its name, this term has no protocol or port condition: it discards every packet whose source address is in the list, not only UDP. */
term block_udp {
from {
/* NOTE(review): the capture in this post also shows queries from 122.13.167.117, 67.159.54.157 and 186.2.164.90, none of which is listed here (186.2.164.89 is listed, .90 is not). Those packets fall through to allow_all even when the filter is being evaluated. */
/* NOTE(review): the sources in the capture change from packet to packet, so a static /32 list will likely need constant upkeep. Confirm which DNS traffic this VLAN legitimately needs before widening the match. */
source-address {
69.93.94.154/32;
109.233.112.63/32;
183.61.241.31/32;
186.2.164.89/32;
60.214.139.197/32;
122.224.32.238/32;
}
}
/* NOTE(review): adding a count action next to discard would show whether this term is being hit at all, which separates "filter not evaluated" from "source not in list". */
then discard;
}
/* Catch-all term with no match conditions: accepts whatever block_udp did not discard. */
term allow_all {
then accept;
}
}
}
root@dal1-core1# show vlans vlan231
/* VLAN 231: filter "broncos" is attached in the input direction, and vlan.231 is the VLAN's Layer 3 interface. */
vlan-id 231;
filter {
/* NOTE(review): presumably a VLAN input filter is evaluated for frames entering VLAN 231 on its member ports. Traffic that is routed into the VLAN through vlan.231 from another interface may never be evaluated by it. Confirm against the EX firewall-filter documentation, and consider a family inet filter on the Layer 3 interface where the traffic arrives. */
input broncos;
}
l3-interface vlan.231;
22:17:30.921036 IP 122.13.167.117.57068 > 69.194.236.111.domain: 44276+ [1au] ANY? 30259.info. (51)
22:17:30.923000 IP 60.214.139.197.32393 > 69.194.236.119.domain: 39391+ [1au] ANY? 30259.info. (51)
22:17:30.924021 IP 122.224.32.238.59516 > 69.194.236.84.domain: 15588+ [1au] ANY? 30259.info. (51)
22:17:30.925686 IP 60.214.139.197.apc-9951 > 69.194.236.66.domain: 20473+ [1au] ANY? 30259.info. (51)
22:17:30.926677 IP 67.159.54.157.51346 > 69.194.236.123.domain: 45630+ [1au] ANY? 30259.info. (51)
22:17:30.927749 IP 122.224.32.238.50724 > 69.194.236.80.domain: 25724+ [1au] ANY? 30259.info. (51)
22:17:30.929011 IP 122.224.32.238.52602 > 69.194.236.102.domain: 6806+ [1au] ANY? 30259.info. (51)
22:17:30.930439 IP 186.2.164.90.23762 > 69.194.237.38.domain: 62206+ [1au] ANY? 30259.info. (51)
22:17:30.930616 IP 186.2.164.90.34258 > 69.194.237.38.domain: 62206+ [1au] ANY? 30259.info. (51)
22:17:30.931351 IP 122.224.32.238.33883 > 69.194.236.125.domain: 35805+ [1au] ANY? 30259.info. (51)
22:17:30.931583 IP 60.214.139.197.16800 > 69.194.236.89.domain: 41056+ [1au] ANY? 30259.info. (51)
22:17:30.932268 IP 186.2.164.90.46443 > 69.194.237.52.domain: 39757+ [1au] ANY? 30259.info. (51)
22:17:30.932720 IP 186.2.164.89.16071 > 69.194.236.90.domain: 46929+ [1au] ANY? 30259.info. (51)
22:17:30.936045 IP 122.224.32.238.62786 > 69.194.237.59.domain: 25102+ [1au] ANY? 30259.info. (51)
22:17:30.937806 IP 60.214.139.197.42798 > 69.194.236.68.domain: 3586+ [1au] ANY? 30259.info. (51)
22:17:30.938491 IP 109.233.112.63.32562 > 69.194.237.48.domain: 21150+ [1au] ANY? fir.45lol.com. (54)
Any help provided would be much appreciated.
Thank you.