SRX Services Gateway
ed_gpc

RESOLVED: Firewall filter not working to limit device management


Hello all, 

 

Not sure why this isn't working; I pretty much followed the Securing the RE guide. Any thoughts? It's a pretty basic filter to control management, applied to lo0.0.

 

family inet {
    filter routerProtect {
        term allowManagement {
            from {
                prefix-list {
                    managementHosts;
                }
                protocol tcp;
                port [ ssh telnet http https ];
            }
            then {
                count management;
                accept;
            }
        }
        term denyManagement {
            from {
                protocol tcp;
                port [ telnet ssh http https ];
            }
            then {
                count denyManagement;
                reject;
            }
        }
        term allowOtherTraffic {
            then accept;
        }
    }
}

 

And on lo0.0

 

family inet {
    filter {
        input routerProtect;
    }
    address 192.168.254.1/32;
}

 

Did I miss something?

 

 

EDIT: I resolved this by changing the prefix-list to a source-prefix-list. I figured it should have worked with a regular prefix-list though, no?
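
An added illustration, not part of the original post: a small Python model of the routerProtect term order, showing how the Junos `prefix-list` match condition (source or destination address) differs from `source-prefix-list` (source address only). The contents of managementHosts are not shown in the post, so the 192.168.254.0/24 entry and the sample packets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

MGMT_PORTS = {22, 23, 80, 443}           # ssh, telnet, http, https
ROUTER_LO0 = "192.168.254.1"             # lo0.0 address from the post
# Constructed: the post does not show the contents of managementHosts.
MANAGEMENT_HOSTS = ["192.168.254.0/24"]


def in_list(addr, prefixes):
    return any(ip_address(addr) in ip_network(p) for p in prefixes)


def mgmt_port(pkt):
    # 'port' matches the source OR the destination port
    return pkt["sport"] in MGMT_PORTS or pkt["dport"] in MGMT_PORTS


def evaluate(pkt, match_kind, prefixes=MANAGEMENT_HOSTS):
    """Walk the routerProtect terms in order; the first matching term decides."""
    if match_kind == "prefix-list":            # source OR destination address
        addr_ok = in_list(pkt["src"], prefixes) or in_list(pkt["dst"], prefixes)
    elif match_kind == "source-prefix-list":   # source address only
        addr_ok = in_list(pkt["src"], prefixes)
    else:
        raise ValueError(f"unknown match condition: {match_kind}")
    is_mgmt = pkt["proto"] == "tcp" and mgmt_port(pkt)
    if is_mgmt and addr_ok:
        return "accept (allowManagement)"
    if is_mgmt:
        return "reject (denyManagement)"
    return "accept (allowOtherTraffic)"


# Constructed sample packets arriving at the routing engine.
ADMIN = {"proto": "tcp", "src": "192.168.254.10", "dst": ROUTER_LO0, "sport": 50000, "dport": 22}
OUTSIDER = {"proto": "tcp", "src": "203.0.113.50", "dst": ROUTER_LO0, "sport": 50001, "dport": 22}
DNS = {"proto": "udp", "src": "203.0.113.50", "dst": ROUTER_LO0, "sport": 50002, "dport": 53}

if __name__ == "__main__":
    for kind in ("prefix-list", "source-prefix-list"):
        for name, pkt in (("admin", ADMIN), ("outsider", OUTSIDER), ("dns", DNS)):
            print(f"{kind:20} {name:9} {evaluate(pkt, kind)}")
```

With the constructed list, the outsider's SSH packet is accepted under `prefix-list` because its destination (the router's own address) falls inside the listed prefix, while `source-prefix-list` sends it to denyManagement.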
