Junos OS

  • 1.  Problem limiting telnet access

    Posted 11-29-2012 02:59

    Hello,

    This is my first post in the forum and I'm new to Juniper, so I hope I don't ask something trivial. I'm trying to restrict telnet access to my Juniper M7i router (Junos 8.0R2.8) so that it is only allowed from my secure network. I found some documentation on the network and applied the following configuration:

    root@router# show firewall family inet filter local_acl
    term terminal_access {
        from {
            address {
                X.X.X.X/26;
            }
            protocol tcp;
            destination-port 23;
        }
        then accept;
    }
    term terminal_access_denied {
        from {
            address {
                0.0.0.0/0;
            }
            protocol tcp;
            destination-port 23;
        }
        then {
            reject;
        }
    }
    term default-term {
        then accept;    
    }

    root@router# show interfaces lo0
    unit 0 {
        family inet {
            filter {
                input local_acl;
            }
            address 127.0.0.1/32;
        }
    }

    But I can access the telnet service from any IP address, so this doesn't work and I don't know what the problem is. Am I doing something bad? Thanks in advance,

    Christian



  • 2.  RE: Problem limiting telnet access

    Posted 11-29-2012 03:44

    I think you just need to drop the address stanza from the deny term.

    term terminal_access_denied {
        from {
            protocol tcp;
            destination-port 23;
        }
        then {
            reject;
        }
    }




  • 3.  RE: Problem limiting telnet access
    Best Answer

    Posted 11-29-2012 03:47

    Use "from source-address"; otherwise you match on x.x.x.x/26 as either address (if this covers the destination address of your telnet session).



  • 4.  RE: Problem limiting telnet access

    Posted 11-29-2012 04:03

    Thanks Steve and Krasi. It was a problem with the address field in the first term; as Krasi said, it should be a source-address field. Now it's working OK. Thank you both!

    root@router# show
    term terminal_access {
        from {
            source-address {
                X.X.X.X/26;
            }
            protocol tcp;
            destination-port 23;
        }
        then accept;
    }
    term terminal_access_denied {
        from {
            protocol tcp;
            destination-port 23;
        }
        then {
            reject;
        }
    }
    term default-term {
        then accept;
    }
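To make the difference between `address` and `source-address` concrete, the following Python simulation of Junos term evaluation is added here; it is not from this thread or from Juniper. It models the documented Junos behaviour that `address` matches if either the source or the destination field falls in the prefix, that terms are evaluated in order and the first match decides, and that a filter with no matching term discards. The prefix 192.0.2.0/26 is a constructed stand-in for the redacted X.X.X.X/26, and 192.0.2.1 is an assumed router address inside that prefix, which is the case Krasi's answer describes: the original `terminal_access` term then matches every telnet session simply because the destination is in the /26, so `reject` is never reached.

```python
"""Simulate how Junos evaluates the two firewall filters from the thread.

Constructed example: prefixes and addresses are documentation ranges
standing in for the redacted X.X.X.X/26 and the router's own address.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    dport: int


@dataclass
class Term:
    name: str
    action: str                                               # accept | reject | discard
    address: List[str] = field(default_factory=list)          # matches SOURCE OR DESTINATION
    source_address: List[str] = field(default_factory=list)   # matches source only
    protocol: Optional[str] = None
    destination_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        if self.address:
            nets = [ipaddress.ip_network(a) for a in self.address]
            # Junos "address" is satisfied by either field being in the prefix.
            if not any(src in n or dst in n for n in nets):
                return False
        if self.source_address:
            nets = [ipaddress.ip_network(a) for a in self.source_address]
            if not any(src in n for n in nets):
                return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.destination_port is not None and pkt.dport != self.destination_port:
            return False
        return True


def evaluate(terms: List[Term], pkt: Packet) -> Tuple[str, str]:
    """Return (matching term name, action); first matching term wins.
    A filter with no matching term discards implicitly."""
    for term in terms:
        if term.matches(pkt):
            return term.name, term.action
    return "<implicit>", "discard"


TRUSTED = "192.0.2.0/26"   # assumed stand-in for X.X.X.X/26
ROUTER = "192.0.2.1"       # assumed router address, inside the trusted /26

# The filter as first posted: "address" in the accept term.
ORIGINAL = [
    Term("terminal_access", "accept", address=[TRUSTED], protocol="tcp", destination_port=23),
    Term("terminal_access_denied", "reject", address=["0.0.0.0/0"], protocol="tcp", destination_port=23),
    Term("default-term", "accept"),
]

# The filter after the fix: "source-address" in the accept term, no address in the deny term.
CORRECTED = [
    Term("terminal_access", "accept", source_address=[TRUSTED], protocol="tcp", destination_port=23),
    Term("terminal_access_denied", "reject", protocol="tcp", destination_port=23),
    Term("default-term", "accept"),
]


def compare(pkt: Packet) -> Tuple[str, str]:
    """Action taken by the original filter and by the corrected filter."""
    return evaluate(ORIGINAL, pkt)[1], evaluate(CORRECTED, pkt)[1]


if __name__ == "__main__":
    samples = {
        "telnet from trusted host":   Packet("192.0.2.10", ROUTER, "tcp", 23),
        "telnet from untrusted host": Packet("198.51.100.7", ROUTER, "tcp", 23),
        "ssh from untrusted host":    Packet("198.51.100.7", ROUTER, "tcp", 22),
    }
    for label, pkt in samples.items():
        orig_term, orig_action = evaluate(ORIGINAL, pkt)
        fixed_term, fixed_action = evaluate(CORRECTED, pkt)
        print(f"{label:28s} original: {orig_action:7s} ({orig_term})"
              f"  corrected: {fixed_action:7s} ({fixed_term})")
```

The untrusted-source telnet case is the symptom from the first post: the original filter accepts it in `terminal_access` because the destination address satisfies `address`, while the corrected filter falls through to `terminal_access_denied`. On a real box the same thing can be confirmed by adding `count` to the terms and reading the counters with `show firewall`; note also that `reject` sends a response back to the sender, whereas `discard` drops silently, which some operators prefer for a filter applied to lo0.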