Hi everyone!
There is an EX4200 switch with interface ge-0/0/1.0 configured as 1.1.1.146/30. This interface is connected to the Internet.
user1@EX4200# show interfaces ge-0/0/1.0
family inet {
    filter {
        input DENY_EXT;
    }
    address 1.1.1.146/30;
}
If I issue a command "show log messages", I can see attempts to login over SSH, like this one:
user1@EX4200> show log messages
Nov 30 10:37:15 EX4200 sshd[18479]: Failed password for root from 212.156.122.94 port 45928 ssh2
Nov 30 10:37:15 EX4200 inetd[703]: /usr/sbin/sshd[18479]: exited, status 255
To prevent these login attempts I've applied the filter.
As I do not need to ssh from the Internet, I've closed all TCP/UDP ports for incoming connections:
user1@EX4200# show firewall
family inet {
    filter DENY_EXT {
        term DENY_EXTERNAL {
            from {
                source-address {
                    0.0.0.0/0;
                }
                destination-address {
                    1.1.1.146/32;
                }
            }
            then {
                discard;
            }
        }
        term DEFAULT {
            then accept;
        }
    }
}
So, this filter should discard the traffic sourced from any host and destined to itself, and pass other traffic.
But the problem is that I can still see those login attempts!
Question 1: How could this be possible when ALL ports are closed by the filter?
Question 2: Is it possible to turn off services like SSH on a particular interface (in my case ge-0/0/1.0)?
Maybe there is another way to solve this problem - I would appreciate any advice!
Thank you!
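As an added example (not part of the original post, and not Juniper's code), here is a small Python script that does what a practitioner would typically do with the "Failed password" lines shown above: parse them out of the "show log messages" output, count failures per source IP, and turn the noisy sources into Junos "set" commands for a discard term in the poster's DENY_EXT filter. The log lines are constructed for the example in the same format as the one on the page (the IPs, users and PIDs are made up), and the term name DENY_SSH_BRUTEFORCE and the threshold are assumptions, not anything from the post.

```python
import re
from collections import Counter

# Constructed sample of "show log messages" output in the same format as the
# line quoted in the post. Addresses, users and PIDs are made up for this example.
SAMPLE_LOG = """\
Nov 30 10:37:15 EX4200 sshd[18479]: Failed password for root from 212.156.122.94 port 45928 ssh2
Nov 30 10:37:15 EX4200 inetd[703]: /usr/sbin/sshd[18479]: exited, status 255
Nov 30 10:37:19 EX4200 sshd[18481]: Failed password for root from 212.156.122.94 port 45930 ssh2
Nov 30 10:37:22 EX4200 sshd[18483]: Failed password for admin from 198.51.100.7 port 51022 ssh2
Nov 30 10:37:25 EX4200 sshd[18485]: Failed password for invalid user oracle from 212.156.122.94 port 45940 ssh2
Nov 30 10:38:01 EX4200 sshd[18490]: Accepted password for user1 from 192.0.2.10 port 50001 ssh2
"""

# OpenSSH writes "Failed password for <user> from <ip> port <port> ssh2", or
# "Failed password for invalid user <user> from ..." when the account does not exist.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+) ssh2"
)


def parse_failed_logins(log_text):
    """Return a list of (user, source_ip, source_port) for every failed SSH login line."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits.append((m.group("user"), m.group("src"), int(m.group("port"))))
    return hits


def failures_per_source(log_text):
    """Count failed SSH logins per source IP address."""
    return Counter(src for _, src, _ in parse_failed_logins(log_text))


def offending_sources(log_text, threshold=2):
    """Source IPs with at least `threshold` failures, most active first."""
    counts = failures_per_source(log_text)
    return [src for src, n in counts.most_common() if n >= threshold]


def junos_set_commands(sources, filter_name="DENY_EXT", term_name="DENY_SSH_BRUTEFORCE"):
    """Build Junos 'set' commands that discard SSH from each source in a dedicated term.

    The term name is an assumption for this example. The term matches TCP to the
    SSH port from the listed sources and discards it; any other traffic falls
    through to the terms that follow it in the filter.
    """
    prefix = f"set firewall family inet filter {filter_name} term {term_name}"
    cmds = [f"{prefix} from source-address {src}/32" for src in sources]
    cmds.append(f"{prefix} from protocol tcp")
    cmds.append(f"{prefix} from destination-port ssh")
    cmds.append(f"{prefix} then discard")
    return cmds


if __name__ == "__main__":
    for src, n in failures_per_source(SAMPLE_LOG).most_common():
        print(f"{src}: {n} failed login(s)")
    for cmd in junos_set_commands(offending_sources(SAMPLE_LOG)):
        print(cmd)
```

Junos evaluates filter terms in order and appends a newly created term after the existing ones, so after loading the generated commands the new term has to be moved ahead of the "then accept" term, for example with "insert firewall family inet filter DENY_EXT term DENY_SSH_BRUTEFORCE before term DEFAULT" before committing; otherwise the DEFAULT term accepts the traffic first.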