All, I know this has been covered a million times, but I just wanted to check with the list to see if this is the best/recommended way to restrict SSH access to an EX switch. I did google this, but noticed people doing it different ways.

set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.1/32
set firewall family inet filter RE_FILTER term SSH from source-address 10.0.0.2/32
set firewall family inet filter RE_FILTER term SSH from protocol tcp
set firewall family inet filter RE_FILTER term SSH from destination-port 22
set firewall family inet filter RE_FILTER term SSH then accept
set firewall family inet filter RE_FILTER term SSH_BLOCK from protocol tcp
set firewall family inet filter RE_FILTER term SSH_BLOCK from destination-port 22
set firewall family inet filter RE_FILTER term SSH_BLOCK then discard
set firewall family inet filter RE_FILTER term everything-else then accept
set interfaces lo0 unit 0 family inet filter input RE_FILTER

Please advise.

Thanks,
Brendan Mannella
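
How the terms of the posted RE_FILTER are evaluated, as an added example that is not part of the original post or Juniper's code. It assumes standard Junos filter semantics (terms tried in order, first match decides, values of one match condition ORed, different conditions ANDed, implicit discard at the end); the function names and the sample packets are constructed for illustration.

```python
# Added example: a small model of how the RE_FILTER terms from the post are
# evaluated. Assumes Junos semantics: terms are tried in order, the first
# matching term decides, values of one match condition are ORed, different
# conditions are ANDed, and a filter ends with an implicit discard.
import ipaddress

# The terms from the post, in order: (name, match conditions, action).
RE_FILTER = [
    ("SSH", {"source-address": ["10.0.0.1/32", "10.0.0.2/32"],
             "protocol": "tcp", "destination-port": 22}, "accept"),
    ("SSH_BLOCK", {"protocol": "tcp", "destination-port": 22}, "discard"),
    ("everything-else", {}, "accept"),
]


def term_matches(cond, pkt):
    """True when every condition present in the term matches the packet."""
    if "source-address" in cond:
        src = ipaddress.ip_address(pkt["src"])
        if not any(src in ipaddress.ip_network(n) for n in cond["source-address"]):
            return False
    if "protocol" in cond and cond["protocol"] != pkt["proto"]:
        return False
    if "destination-port" in cond and cond["destination-port"] != pkt.get("dport"):
        return False
    return True


def evaluate(terms, pkt):
    """Return (term name, action) of the first matching term."""
    for name, cond, action in terms:
        if term_matches(cond, pkt):
            return name, action
    return "implicit", "discard"  # reached only if no term matches


# Constructed sample packets (addresses other than 10.0.0.1/.2 are made up).
SAMPLES = [
    {"src": "10.0.0.1", "proto": "tcp", "dport": 22},
    {"src": "10.0.0.3", "proto": "tcp", "dport": 22},
    {"src": "192.0.2.50", "proto": "tcp", "dport": 179},
    {"src": "192.0.2.50", "proto": "udp", "dport": 161},
    {"src": "192.0.2.50", "proto": "icmp"},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RE_FILTER, pkt))
```

Under these assumptions SSH is accepted only from the two listed hosts, and every other packet to the routing engine is accepted from any source by the final term. Without that term the same packets would hit the implicit discard, and a `family inet` filter is not evaluated for IPv6 traffic.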