cmt
Contributor
cmt
Posts: 12
Registered: ‎08-12-2012
0

Juniper cli on EX4200 for ACL list for syn-flood protection .

Below is an example of an Extreme-based ACL list for syn-flood protection. What is the JUNOS CLI to implement a similar filter on the EX4200?

 

entry Deny-TCP {
    if {
        protocol TCP;
        tcp-flags syn;
    }
    then {
        deny;
        count DenyTCP;
    }
}

 

Thanks in advance for your support.

Recognized Expert
mhariry
Posts: 340
Registered: ‎06-01-2011
0

Re: Juniper cli on EX4200 for ACL list for syn-flood protection .

Hi,

It will be similar in Juniper, using a firewall filter:

 

firewall {
    family inet {
        filter test {
            term 1 {
                from {
                    protocol tcp;
                    tcp-flags syn;
                }
                then {
                    count DenyTCP;
                    discard;
                }
            }
        }
    }
}

 

You also need to apply it at the interface level, like:

 

show interfaces ge-0/0/21
unit 0 {
    family inet {
        filter {
            input test;
        }
    }
}

 

Regards,
Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059), JNCIP-ENT

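An added example, not part of the original posts: a variant of the filter above that rate-limits connection-opening SYNs with a policer instead of discarding every SYN, and ends with an explicit accept term, because a Junos firewall filter discards any packet that matches no term. The filter, policer and counter names and the rate values are assumptions to be tuned per site.

```junos
/* Added example; names and rate values are assumptions, not from the thread. */
firewall {
    policer syn-limit {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 15k;
        }
        then discard;
    }
    family inet {
        filter syn-protect {
            /* tcp-initial matches SYN set with ACK clear: connection-opening segments only. */
            term limit-syn {
                from {
                    protocol tcp;
                    tcp-initial;
                }
                then {
                    policer syn-limit;
                    count syn-seen;
                    accept;
                }
            }
            /* Without this term, unmatched packets hit the filter's implicit discard. */
            term allow-rest {
                then accept;
            }
        }
    }
}
```

The filter is applied to the interface the same way as in the reply above, with `input syn-protect` under `family inet`.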
cmt
Contributor
cmt
Posts: 12
Registered: ‎08-12-2012
0

Re: Juniper cli on EX4200 for ACL list for syn-flood protection .

mhariry (Super Contributor)

 

Thank you very much for your quick response!!!

Recognized Expert
mhariry
Posts: 340
Registered: ‎06-01-2011
0

Re: Juniper cli on EX4200 for ACL list for syn-flood protection .

You're welcome, my friend.

Regards,
Mohamed Elhariry
JNCIE-M/T # 1059, CCNP & CCIP

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.