Firewalling the interface on lo0 is the best way ;)

interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input router-protect;
                }
            }
        }
    }
}
firewall {
    filter router-protect {
        term 1 {
            from {
                source-address {
                    0.0.0.0/0;
                    1.2.3.4/32 except;
                    2.3.4.5/32 except;
                }
                protocol tcp;
                destination-port ssh;
            }
            then {
                discard;
            }
        }
        term catch {
            then accept;
        }
    }
}

On Wed, 2008-02-20 at 16:15 -0400, Ying Zhang wrote:
> Hello, all,
>
> On our Juniper router, we constantly see people trying to connect through
> SSH. I've tried everything I can find to eliminate it. The following is what
> I've done so far. Just wondering if there is a better way to stop it on the
> router (we do block port ssh on every link). Thanks in advance.
>
> root-login deny;
> protocol-version v2;
> connection-limit 5;
> rate-limit 1;
>
> retry-options {
>     tries-before-disconnect 2;
>     backoff-threshold 2;
>     backoff-factor 10;
>     minimum-time 20;
> }
>
>
> C
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
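
Added example, not part of the original thread: a small Python model of how the router-protect filter above is evaluated, showing the longest-match handling of the "except" prefixes and what the final "catch" term does. The 198.51.100.7 source and the sample packets are constructed for illustration, and the model assumes port 22 for "ssh".

```python
import ipaddress

# Model of the reply's "router-protect" filter. Each term: (name, from, action).
# "source" holds (prefix, is_except) pairs exactly as listed in term 1.
ROUTER_PROTECT = [
    ("1", {"source": [("0.0.0.0/0", False),
                      ("1.2.3.4/32", True),
                      ("2.3.4.5/32", True)],
           "protocol": "tcp", "dport": 22}, "discard"),
    ("catch", {}, "accept"),
]

def source_matches(src, prefixes):
    """Longest-match over the prefix list; an 'except' winner means no match."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), exc) for p, exc in prefixes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return False
    _, is_except = max(hits, key=lambda h: h[0].prefixlen)
    return not is_except

def evaluate(filter_terms, src, protocol, dport):
    """Return (term, action) of the first term whose conditions all match."""
    for name, cond, action in filter_terms:
        if "source" in cond and not source_matches(src, cond["source"]):
            continue
        if "protocol" in cond and cond["protocol"] != protocol:
            continue
        if "dport" in cond and cond["dport"] != dport:
            continue
        return name, action
    return None, "discard"  # implicit discard when no term matches

# Constructed sample packets: (source, protocol, destination port).
SAMPLES = [
    ("1.2.3.4", "tcp", 22),        # exempted management host
    ("198.51.100.7", "tcp", 22),   # any other SSH source
    ("198.51.100.7", "tcp", 179),  # non-SSH traffic to the router
    ("198.51.100.7", "udp", 22),   # not TCP, so term 1 does not match
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ROUTER_PROTECT, *pkt))
```

Evaluating the filter with only its first term shows why the "catch" term is there: without it, everything term 1 does not match falls through to the implicit discard, including SSH from the exempted hosts.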