On Sun, Aug 12, 2012 at 10:46 PM, Alex Arseniev <alex.arsen...@gmail.com> wrote:
> Try this:
>
>        from {
>            source-prefix-list { ### <=== must be source
[...]
>
> "prefix-list" checks if either dst.IP or src.IP of incoming packet matches.
> If your box's interface IP is in MGMT prefix-list, then every SSH brute force
> attempt is a match since it most likely targets your interface IP.

Hi Alex
Thanks. That was it!

Now the ACL works perfectly.

Rob
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
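
The match behaviour described in the thread, modelled as an added example (not part of either post, and not Juniper code). The addresses are constructed documentation ranges, and the single accept-else-discard filter is an assumption, since the original filter is elided above.

```python
import ipaddress

# Constructed sample data (documentation ranges, not taken from the thread).
# Assumption: the MGMT prefix-list covers the router's own interface IP.
MGMT = [ipaddress.ip_network("192.0.2.0/24")]
ROUTER_IP = "192.0.2.1"

def in_list(addr, prefixes):
    """True if addr falls inside any prefix of the list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)

def term_matches(match_type, src, dst, prefixes):
    """Model of the two match conditions discussed in the thread."""
    if match_type == "prefix-list":
        # Matches when EITHER the source or the destination is in the list.
        return in_list(src, prefixes) or in_list(dst, prefixes)
    if match_type == "source-prefix-list":
        # Matches on the source address only.
        return in_list(src, prefixes)
    raise ValueError(f"unknown match type: {match_type}")

def filter_action(match_type, src, dst):
    """Hypothetical two-term filter: accept SSH matching MGMT, else discard."""
    return "accept" if term_matches(match_type, src, dst, MGMT) else "discard"

# Constructed SSH packets aimed at the router: one from a management host,
# one from an outside address standing in for a brute-force source.
PACKETS = [("192.0.2.50", ROUTER_IP), ("198.51.100.7", ROUTER_IP)]

def evaluate(match_type):
    """Return {source address: action} for every sample packet."""
    return {src: filter_action(match_type, src, dst) for src, dst in PACKETS}

if __name__ == "__main__":
    for match_type in ("prefix-list", "source-prefix-list"):
        print(match_type, evaluate(match_type))
```

With "prefix-list" the outside source is accepted because the destination (the router's own IP) is inside MGMT; with "source-prefix-list" only the management host is accepted.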
