Dear All,

We are having problems with filtering ssh access to our MX80 box. Many thanks in advance for your assistance.

The problem is kind of weird. A few random IP addresses, which should be blocked by the firewall filter, have established ssh connections to our MX80, while most other IPs (our tested IP) from the Internet trying to ssh are silently dropped (no log) by this firewall filter on the loopback 0 interface.

show configuration firewall family inet filter limit-mgmt-access

    term permit-ssh-ssl {
        from {
            source-address {
                E.F.G.H/20;
            }
            protocol tcp;
            destination-port [ ssh http https telnet ];
        }
        then accept;
    }
    term deny-all-other-ssl-ssh {
        from {
            protocol tcp;
            destination-port [ ssh http https telnet ];
        }
        then {
            discard;
        }
    }
    term default {
        then accept;
    }

-------------------------------

show configuration interfaces lo0

    unit 0 {
        family inet {
            filter {
                input limit-mgmt-access;
            }
            address W.X.Y.Z/32 {
                primary;
                preferred;
            }
        }
    }

--------------------------------------

    Jun 4 14:48:53 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'nagios' from host 'A.B.C.D'
    Jun 4 14:48:53 R1 sshd[77836]: Failed password for nagios from A.B.C.D port 37231 ssh2
    Jun 4 14:48:54 R1 sshd[77837]: Received disconnect from A.B.C.D: 11: Bye Bye
    Jun 4 14:48:54 R1 inetd[1224]: /usr/sbin/sshd[77836]: exited, status 255
    Jun 4 14:48:57 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'student' from host 'A.B.C.D'
    Jun 4 14:49:06 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'tom' from host 'A.B.C.D'
    Jun 4 14:49:06 R1 sshd[77844]: Failed password for tom from A.B.C.D port 38247 ssh2
    Jun 4 14:49:07 R1 sshd[77845]: Received disconnect from A.B.C.D: 11: Bye Bye
    Jun 4 14:49:07 R1 inetd[1224]: /usr/sbin/sshd[77844]: exited, status 255
    Jun 4 14:49:10 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'public' from host 'A.B.C.D'
    Jun 4 14:49:10 R1 sshd[77846]: Failed password for public from A.B.C.D port 38511 ssh2
    Jun 4 14:49:10 R1 sshd[77847]: Received disconnect from A.B.C.D: 11: Bye Bye
    Jun 4 14:49:10 R1 inetd[1224]: /usr/sbin/sshd[77846]: exited, status 255

Regards,
Samol

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
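
One way to list which sshd log sources fall outside the prefix that term permit-ssh-ssl accepts, as an added example that is not part of the original post. The prefix 10.20.16.0/20, the addresses and the log lines are constructed stand-ins for the values the post redacts, and the function name is hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed stand-in for the redacted E.F.G.H/20 in term permit-ssh-ssl.
PERMITTED = [ipaddress.ip_network("10.20.16.0/20")]

# Constructed log lines in the same two formats the post shows.
SAMPLE_LOG = """\
Jun 4 14:48:53 R1 sshd[77836]: Failed password for nagios from 203.0.113.77 port 37231 ssh2
Jun 4 14:49:06 R1 sshd[77844]: Failed password for tom from 203.0.113.77 port 38247 ssh2
Jun 4 14:49:07 R1 sshd[77845]: Received disconnect from 203.0.113.77: 11: Bye Bye
Jun 4 14:49:10 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'public' from host '203.0.113.77'
Jun 4 14:50:12 R1 sshd[77850]: Failed password for admin from 10.20.17.5 port 40112 ssh2
""".splitlines()

LOGIN_FAILED = re.compile(
    r"SSHD_LOGIN_FAILED: Login failed for user '([^']*)' from host '([^']+)'")
FAILED_PW = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def sources_outside_filter(lines, permitted):
    """Map each source address outside `permitted` to the usernames it tried.

    Any address returned here reached sshd even though the filter's
    discard term should have dropped it before the login prompt.
    """
    hits = defaultdict(set)
    for line in lines:
        m = LOGIN_FAILED.search(line) or FAILED_PW.search(line)
        if not m:
            continue  # disconnect / inetd lines carry no username
        user, host = m.groups()
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname or redacted value, cannot be compared
        if not any(addr in net for net in permitted):
            hits[str(addr)].add(user)
    return {src: sorted(users) for src, users in hits.items()}


if __name__ == "__main__":
    for src, users in sources_outside_filter(SAMPLE_LOG, PERMITTED).items():
        print(f"{src} reached sshd from outside the permitted prefix: {users}")
```
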