SRX Services Gateway

RESOLVED: Firewall filter not working to limit device management

‎08-02-2012 08:35 AM

Hello all, 

 

Not sure why this isn't working; I pretty much followed the Securing the RE guide. Any thoughts? It's a pretty basic filter to control management, applied to lo0.0.

 

family inet {
    filter routerProtect {
        term allowManagement {
            from {
                prefix-list {
                    managementHosts;
                }
                protocol tcp;
                port [ ssh telnet http https ];
            }
            then {
                count management;
                accept;
            }
        }
        term denyManagement {
            from {
                protocol tcp;
                port [ telnet ssh http https ];
            }
            then {
                count denyManagement;
                reject;
            }
        }
        term allowOtherTraffic {
            then accept;
        }
    }
}

 

And on lo0.0

 

family inet {
    filter {
        input routerProtect;
    }
    address 192.168.254.1/32;
}

 

Did I miss something?

 

 

EDIT: I resolved this by changing the prefix-list to a source-prefix-list. Figured it should have worked with a regular prefix-list though, no?
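
Added example, not part of the original post: a small Python model of the routerProtect terms, evaluated first-match, showing how a `prefix-list` match (source or destination address) can differ from `source-prefix-list` (source address only). The post does not show the contents of managementHosts; the 192.168.254.0/24 entry, which happens to cover the lo0.0 address, and the packet addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumption): the post does not list managementHosts.
MANAGEMENT_HOSTS = [ipaddress.ip_network("192.168.254.0/24")]  # covers lo0.0 192.168.254.1
MGMT_PORTS = {22, 23, 80, 443}  # ssh telnet http https


def in_list(addr, prefixes):
    return any(ipaddress.ip_address(addr) in p for p in prefixes)


def build_filter(match_kind):
    """Model routerProtect; match_kind is 'prefix-list' or 'source-prefix-list'."""
    def from_mgmt(pkt):
        src_hit = in_list(pkt["src"], MANAGEMENT_HOSTS)
        if match_kind == "source-prefix-list":
            return src_hit  # source address only
        # prefix-list: source OR destination address may match
        return src_hit or in_list(pkt["dst"], MANAGEMENT_HOSTS)

    def mgmt_port(pkt):
        # 'port' matches either the source or the destination port
        return pkt["proto"] == "tcp" and bool({pkt["sport"], pkt["dport"]} & MGMT_PORTS)

    return [
        ("allowManagement", lambda p: from_mgmt(p) and mgmt_port(p), "accept"),
        ("denyManagement", mgmt_port, "reject"),
        ("allowOtherTraffic", lambda p: True, "accept"),
    ]


def evaluate(terms, pkt):
    """Return (term name, action) of the first matching term."""
    for name, match, action in terms:
        if match(pkt):
            return name, action
    return "implicit", "discard"


# Constructed packets: SSH to lo0.0 from an unlisted host and from a listed host.
OUTSIDER = {"src": "203.0.113.50", "dst": "192.168.254.1", "proto": "tcp", "sport": 50000, "dport": 22}
ADMIN = {"src": "192.168.254.10", "dst": "192.168.254.1", "proto": "tcp", "sport": 50001, "dport": 22}

if __name__ == "__main__":
    for kind in ("prefix-list", "source-prefix-list"):
        for label, pkt in (("outsider", OUTSIDER), ("admin", ADMIN)):
            print(kind, label, evaluate(build_filter(kind), pkt))
```

On a live device, `show firewall` displays the `management` and `denyManagement` counters, which tells you which term the test traffic actually hit.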