Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  SSH and Telnet access control

    Posted 08-10-2013 13:41

    I'm trying to configure access control restrictions on my M7i box, but it isn't working. I tried applying the firewall filter on all the interfaces of the router, without success. I have ge-0/0/0 connected to the internal network and fe-0/2/0 connected to the ISP provider. See my config below. I want only certain networks to access the router:

     

    firewall {
        family inet {
            filter local_access_control {
                term terminal-access {
                    from {
                        address {
                            200.X.X.X/28;
                            177.X.X.X/25;
                        }
                        protocol tcp;
                        port [ ssh telnet ];
                    }
                    then accept;
                }
                term terminal-access_denied {
                    from {
                        protocol tcp;
                        port [ ssh telnet ];
                    }
                    then {
                        log;
                        reject;
                    }
                }
                term default-term {
                    then accept;
                }
            }
        }
    }



  • 2.  RE: SSH and Telnet access control
    Best Answer

    Posted 08-10-2013 14:57


  • 3.  RE: SSH and Telnet access control

    Posted 08-10-2013 15:13

    Hi,

     

    Just to make it more clear.

     

    To control access (telnet, ssh, etc.) to the device, the filter is always applied to the Lo0 interface.

    To control the transit traffic through the device, the filter is always applied to the physical interfaces (ge-, fe-, etc.) of the device.

     

    Regards

    Satinder
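
The point made in the replies, as an added configuration example that is not taken from any of the posts: the `local_access_control` filter from the first post bound as an input filter on the loopback interface. The use of `unit 0` on lo0 is an assumption.

```junos
/* Added example: apply the filter to lo0 so it screens traffic
   addressed to the router itself, not transit traffic.
   unit 0 is assumed; the filter name is the one from post 1. */
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input local_access_control;
                }
            }
        }
    }
}
```

An input filter on lo0 sees all traffic destined to the Routing Engine, so the final `default-term` accept in the original filter is what keeps routing protocols and other control traffic working. Activating the change with `commit confirmed` lets the router roll back automatically if the management session is cut off.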