On Wed, 11 Jul 2018 18:22:36 +0000 Chris Boyd <cb...@gizmopartners.com> wrote:
> Team Cymru has a “JunOS Secure Template” that I found a good place to start. > It quotes version 4 though. I think that means it’s well tested? > > http://www.cymru.com/gillsr/documents/junos-template.pdf That document is old and should be considered unreliable. I'm speaking with some authority since I contributed major parts to it, including the now bad advice of UDP rate rate limits (their demise hastened with the rise of QUIC/SPDY years ago). I've been redoing a slew of JUNOS configuration standards and am documenting them as I go. I've not finalized new loopback filters yet, but you might be interested in others and keeping an eye on this repo. Loopback filters will soon appear within a few weeks. <https://github.com/jtkristoff/junos> John _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp