If you want to only block specific ports, rather than all traffic to the RE, something like this may suit you:

term permit-ssh-ssl {
    from {
        source-address {
            0.0.0.0/0;
            E.F.G.H/20 except;
        }
        protocol tcp;
        destination-port [ ssh telnet ftp http https ];
    }
    then {
        log;
        discard;
    }
}
term default_access {
    then accept;
}


If you don't want to see what you're dropping, omit the log statement.


Cheers,
Gordon


On Wed, 5 Jun 2013 09:49:56 +0700, Samol wrote:
Dear All,

We are having problems with filtering ssh access to our MX80 box. Many
thanks in advance for your assistance.

The problem is kind of weird. There are a few random IP addresses, which should be blocked by the firewall filter, that have established ssh connections to our MX80, while most other IPs (our tested IPs) from the Internet trying to ssh are silently dropped (no log) by this firewall filter on the loopback 0 interface.


show configuration firewall family inet filter limit-mgmt-access
term permit-ssh-ssl {
    from {
        source-address {
            E.F.G.H/20;
        }
        protocol tcp;
        destination-port [ ssh http https telnet ];
    }
    then accept;
}
term deny-all-other-ssl-ssh {
    from {
        protocol tcp;
        destination-port [ ssh http https telnet ];
    }
    then {
        discard;
    }
}
term default {
    then accept;
}

-------------------------------

show configuration interfaces lo0
unit 0 {
    family inet {
        filter {
            input limit-mgmt-access;
        }
        address W.X.Y.Z/32 {
            primary;
            preferred;
        }
    }
}

--------------------------------------

Jun 4 14:48:53 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'nagios' from host 'A.B.C.D'
Jun 4 14:48:53 R1 sshd[77836]: Failed password for nagios from A.B.C.D port 37231 ssh2
Jun 4 14:48:54 R1 sshd[77837]: Received disconnect from A.B.C.D: 11: Bye Bye
Jun 4 14:48:54 R1 inetd[1224]: /usr/sbin/sshd[77836]: exited, status 255
Jun 4 14:48:57 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'student' from host 'A.B.C.D'
Jun 4 14:49:06 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'tom' from host 'A.B.C.D'
Jun 4 14:49:06 R1 sshd[77844]: Failed password for tom from A.B.C.D port 38247 ssh2
Jun 4 14:49:07 R1 sshd[77845]: Received disconnect from A.B.C.D: 11: Bye Bye
Jun 4 14:49:07 R1 inetd[1224]: /usr/sbin/sshd[77844]: exited, status 255
Jun 4 14:49:10 R1 sshd: SSHD_LOGIN_FAILED: Login failed for user 'public' from host 'A.B.C.D'
Jun 4 14:49:10 R1 sshd[77846]: Failed password for public from A.B.C.D port 38511 ssh2
Jun 4 14:49:10 R1 sshd[77847]: Received disconnect from A.B.C.D: 11: Bye Bye
Jun 4 14:49:10 R1 inetd[1224]: /usr/sbin/sshd[77846]: exited, status 255

Regards,
Samol
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
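To see how the two filters in this thread decide a given packet, here is an added Python model of Junos firewall-filter term evaluation (example code, not from either post): terms are tried in order, the first term whose `from` conditions all match decides, and within `source-address` the longest matching prefix wins, which is what lets an `except` entry punch a hole in 0.0.0.0/0 in Gordon's single-term version. The prefixes 192.0.2.0/24 and 203.0.113.5 are constructed stand-ins for E.F.G.H/20 and A.B.C.D.

```python
import ipaddress
from dataclasses import dataclass, field

# Service names used in the thread's destination-port lists.
PORTS = {"ssh": 22, "telnet": 23, "ftp": 21, "http": 80, "https": 443}
MGMT = "192.0.2.0/24"     # constructed stand-in for E.F.G.H/20
OUTSIDER = "203.0.113.5"  # constructed stand-in for A.B.C.D

@dataclass
class Term:
    name: str
    action: str                                  # "accept" or "discard"
    source: list = field(default_factory=list)   # [(prefix, is_except), ...]
    protocol: str = ""                           # "" means any protocol
    dports: list = field(default_factory=list)   # service names, [] means any

    def src_matches(self, ip):
        """Junos source-address: longest matching prefix wins; 'except' excludes."""
        if not self.source:
            return True
        addr = ipaddress.ip_address(ip)
        hits = [(ipaddress.ip_network(p), exc) for p, exc in self.source
                if addr in ipaddress.ip_network(p)]
        if not hits:
            return False
        return not max(hits, key=lambda h: h[0].prefixlen)[1]

    def matches(self, ip, proto, dport):
        return (self.src_matches(ip)
                and (not self.protocol or self.protocol == proto)
                and (not self.dports or dport in {PORTS[s] for s in self.dports}))

def evaluate(terms, ip, proto, dport):
    """Terms are tried in order; the first full match decides (implicit discard last)."""
    for t in terms:
        if t.matches(ip, proto, dport):
            return t.name, t.action
    return "implicit", "discard"

MGMT_PORTS = ["ssh", "http", "https", "telnet"]
SAMOL = [  # the limit-mgmt-access filter from the original post
    Term("permit-ssh-ssl", "accept", [(MGMT, False)], "tcp", MGMT_PORTS),
    Term("deny-all-other-ssl-ssh", "discard", [], "tcp", MGMT_PORTS),
    Term("default", "accept"),
]
GORDON = [  # the single-term variant with an 'except' hole for the management range
    Term("permit-ssh-ssl", "discard", [("0.0.0.0/0", False), (MGMT, True)], "tcp",
         ["ssh", "telnet", "ftp", "http", "https"]),
    Term("default_access", "accept"),
]
```

Both filters discard TCP/22 from the constructed outsider and accept it from the management range, so the logins Samol observed are not explained by term ordering in the filter as shown; checking that the filter is applied where the connection actually arrives (and that a `log` or `count` action records the decision) is the next defender's step.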
