Hi, I have already configured a firewall filter on subnet "115.189.245.64/28" by defining it as prefix list "xyz" in the filter "cc-out". I want to exclude the IP (115.189.245.78/28) from that prefix list and want this server to be accessible by only two IPs, (210.250.190.190/32) and (210.250.190.211/32). The current filter allows many IPs to access the servers in that subnet, but I want to restrict access to this server (115.189.245.78/28) to only two IPs, (210.250.190.190/32) and (210.250.190.211/32).
Please find below the config of the existing filter, and kindly tell me how and where I can add the new term for this server (115.189.245.78/28) without impacting the existing filter:
set groups AA:BB interfaces <*> unit 98 description "aa"
set groups AA:BB interfaces <*> unit 98 family inet mtu 1500
set groups AA:BB interfaces <*> unit 98 family inet filter output cc-out
set groups AA:BB interfaces <*> unit 98 family inet address 115.189.245.65/28
set groups AA:BB policy-options prefix-list xyz 115.189.245.64/28
set groups AA:BB firewall family inet filter cc-out term accept-mgmt from source-prefix-list management
set groups AA:BB firewall family inet filter cc-out term accept-mgmt then accept
set groups AA:BB firewall family inet filter cc-out term accept-icmp from destination-prefix-list xyz
set groups AA:BB firewall family inet filter cc-out term accept-icmp from protocol icmp
set groups AA:BB firewall family inet filter cc-out term accept-icmp then policer management-5m
set groups AA:BB firewall family inet filter cc-out term accept-icmp then accept
set groups AA:BB firewall family inet filter cc-out term accept-http from destination-prefix-list xyz
set groups AA:BB firewall family inet filter cc-out term accept-http from protocol tcp
set groups AA:BB firewall family inet filter cc-out term accept-http from destination-port http
set groups AA:BB firewall family inet filter cc-out term accept-http from destination-port https
set groups AA:BB firewall family inet filter cc-out term accept-http then accept
set groups AA:BB firewall family inet filter cc-out term last then discard
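
One way to add the restriction described in the question, as an added example that is not part of the original post. The term names `allow-78` and `deny-78` are hypothetical, the server is matched as a /32 host address (an assumption, since the post writes it with the /28 subnet mask), and the `#` lines are annotations rather than commands.

```junos
# Junos evaluates filter terms in order and stops at the first term whose
# match conditions are met and whose action is terminating (accept/discard).
# So the host-specific terms must sit ABOVE the subnet-wide terms that
# match prefix-list xyz; the prefix list itself does not need to change.

# 1. Accept traffic to the server only from the two permitted sources.
#    Several source-address entries in one term are ORed together.
set groups AA:BB firewall family inet filter cc-out term allow-78 from source-address 210.250.190.190/32
set groups AA:BB firewall family inet filter cc-out term allow-78 from source-address 210.250.190.211/32
set groups AA:BB firewall family inet filter cc-out term allow-78 from destination-address 115.189.245.78/32
set groups AA:BB firewall family inet filter cc-out term allow-78 then accept

# 2. Discard everything else addressed to the server, before the
#    accept-icmp and accept-http terms get a chance to accept it.
set groups AA:BB firewall family inet filter cc-out term deny-78 from destination-address 115.189.245.78/32
set groups AA:BB firewall family inet filter cc-out term deny-78 then discard

# 3. New terms created with "set" are appended to the END of the filter,
#    where they would never be reached for ICMP/HTTP/HTTPS traffic.
#    Move them in front of the first subnet-wide term.
insert groups AA:BB firewall family inet filter cc-out term allow-78 before term accept-icmp
insert groups AA:BB firewall family inet filter cc-out term deny-78 before term accept-icmp

# Resulting order: accept-mgmt, allow-78, deny-78, accept-icmp, accept-http, ...
# accept-mgmt stays first, so sources in prefix-list "management" can still
# reach the server. Placing allow-78 and deny-78 before accept-mgmt instead
# would limit the server to the two listed sources only.

# 4. Check the term order and activate with automatic rollback
#    unless the commit is confirmed within 5 minutes.
show groups AA:BB firewall family inet filter cc-out
commit confirmed 5
```

Traffic to the other addresses in 115.189.245.64/28 matches neither new term and falls through to the existing terms unchanged.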