Re: [j-nsp] BCP for filtering management access, system-wide

2016-07-25 Thread Alexander Arseniev
Hello, On 25/07/2016 23:34, Jason Lixfeld wrote: Hi Chris, et al. who have suggested that lo0 is the correct place to put these filters, I’ve been through the Day One book previously, and I suspect Chip’s Safari link is much the same. Except here’s my problem after having gone through that

Re: [j-nsp] BCP for filtering management access, system-wide

2016-07-25 Thread Jason Lixfeld
Hi Chris, et al. who have suggested that lo0 is the correct place to put these filters, I’ve been through the Day One book previously, and I suspect Chip’s Safari link is much the same. Except here’s my problem after having gone through that framework - I have my ‘global’ scope (which I

Re: [j-nsp] BCP for filtering management access, system-wide

2016-07-25 Thread Vincent Bernat
❦ 25 July 2016 22:55 CEST, Jason Lixfeld:

> Previously, I tried to apply filters to various lo0 units, thinking
> those were the only interface to the RE, but that didn’t seem to help
> for cases where the IPs were applied to interfaces other than lo0
> units. And I

Re: [j-nsp] BCP for filtering management access, system-wide

2016-07-25 Thread chip
Assuming an MX, application of the filter can be applied to the loopback interface. This will effectively provide a "system wide" filter. Yes, you would need to allow for control-plane protocols and such. Doug Hanks' MX book has a very excellent layout of this methodology:

[j-nsp] BCP for filtering management access, system-wide

2016-07-25 Thread Jason Lixfeld
Hi, I’m trying to write filters to prevent management access to my system (ssh, SNMP, etc), and I’m unsure about where to apply them. Let’s assume I have IPs configured on a bunch of interfaces, both physical and logical, and I don’t want the majority of them to be able to accept management