Do Firewall Filters on Olive Work?

Jmiller1980 Registered Users Posts: 2
Guys,

I built the filters below to block ssh traffic and every time I apply to my em0.0 all traffic stops through the interface. What am I doing wrong to cause this?

firewall {
    filter local-access {
        term terminal-access {
            from {
                address {
                    192.20.20.28/32;
                }
                protocol tcp;
                port ssh;
            }
            then accept;
        }
        term no-access {
            from {
                protocol tcp;
                port ssh;
            }
            then {
                log;
                reject;
            }
        }
    }
    filter Kill-SSH {
        term Kill-SSH-192.20.20.28 {
            from {
                source-address {
                    192.20.20.28/32;
                }
                protocol tcp;
                port ssh;
            }
            then accept;
        }
    }
}



interfaces {
    em0 {
        unit 0 {
            family inet {
                filter {
                    input Kill-SSH;
                }
                address 192.20.20.250/24;
            }
        }
    }
}

Model: olive
JUNOS Base OS boot [10.1R1.8]
JUNOS Base OS Software Suite [10.1R1.8]
JUNOS Kernel Software Suite [10.1R1.8]
JUNOS Crypto Software Suite [10.1R1.8]
JUNOS Packet Forwarding Engine Support (M/T Common) [10.1R1.8]
JUNOS Packet Forwarding Engine Support (M20/M40) [10.1R1.8]
JUNOS Online Documentation [10.1R1.8]
JUNOS Voice Services Container package [10.1R1.8]
JUNOS Border Gateway Function package [10.1R1.8]
JUNOS Services AACL Container package [10.1R1.8]
JUNOS Services LL-PDF Container package [10.1R1.8]
JUNOS Services Stateful Firewall [10.1R1.8]
JUNOS AppId Services [10.1R1.8]
JUNOS IDP Services [10.1R1.8]
JUNOS Routing Software Suite [10.1R1.8]

Comments

  • networker050184 Mod Posts: 11,962 Mod
    I'm not too familiar with olives, but what are you trying to accomplish with this filter? Keep in mind there is an implicit deny at the end of your filter that will block everything else.
    An expert is a man who has made all the mistakes which can be made.
  • froggy3132000 Member Posts: 28
    I am not sure that firewall filters work properly within olives. However the filter you have applied only permits ssh from 192.20.20.28. You are not permitting anything else. Where is the local-access filter being applied?
  • Jmiller1980 Registered Users Posts: 2
    I am not sure that firewall filters work properly within olives. However the filter you have applied only permits ssh from 192.20.20.28. You are not permitting anything else. Where is the local-access filter being applied?


    So how would I apply one to allow ssh from EV1 in 192.20.20.0/24 and only block 192.20.20.28?

    or

    Only allow ssh from 192.20.20.28 and block all other IPs in the subnet.
  • ofirzzz Registered Users Posts: 3
    The default policy is to deny any other traffic, so just add a last term that permits other traffic.
  • Mishra Member Posts: 2,468
    [image: 55-57-chevy-passenger-car-firewall.jpg] on [image: olives.jpg] ?

    Interesting question...
    My blog http://www.calegp.com

    You may learn something!
  • Aldur Member Posts: 1,460
    LOLOLOLOOL oh man, Mishra, that gave me a good laugh.

    And to the OP's question, Yip, firewall filters definitely work on an olive. I've used one as a jump box from the outside world and I had to put a firewall filter in place to block friendly people from China attempting to brute force their way into my olive.

    And it worked like a charm. :)
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
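
The two behaviours asked about in the thread, written out as an added example (not posted by any participant): both filters end with an explicit accept term so the implicit discard at the end of every Junos filter no longer drops the rest of the traffic. The filter and term names are made up for illustration, and `destination-port` is used in place of the thread's `port` so that only traffic going to the SSH port is matched.

```junos
firewall {
    /* Option 1: SSH only from 192.20.20.28, all other traffic untouched */
    filter ssh-only-from-28 {
        term allow-ssh-28 {
            from {
                source-address {
                    192.20.20.28/32;
                }
                protocol tcp;
                destination-port ssh;
            }
            then accept;
        }
        term reject-other-ssh {
            from {
                protocol tcp;
                destination-port ssh;
            }
            then {
                log;
                reject;
            }
        }
        /* Without this term the implicit discard drops everything else */
        term allow-everything-else {
            then accept;
        }
    }
    /* Option 2: SSH from anyone except 192.20.20.28 */
    filter ssh-block-28 {
        term reject-ssh-28 {
            from {
                source-address {
                    192.20.20.28/32;
                }
                protocol tcp;
                destination-port ssh;
            }
            then {
                log;
                reject;
            }
        }
        term allow-everything-else {
            then accept;
        }
    }
}
```

Reference one of them as the `input` filter under `family inet` on em0 unit 0, in place of `Kill-SSH` in the original post. Committing with `commit confirmed` rolls the change back automatically if the filter cuts off your own management session.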