Question regarding firewall filters

mrblackmamba343

on a cisco router this is how the rule is written

access-list 101 permit tcp any host 10.10.10.1 eq 80
access-list 101 permit tcp any host 10.10.10.2 eq 443
access-list 101 permit tcp any host 10.10.10.3 eq 3389

on a Juniper box

set firewall filter INBOUND term services from source-address 0.0.0.0/0
set firewall filter INBOUND term services from destination-address 10.10.10.1/32
set firewall filter INBOUND term services from destination-address 10.10.10.2/32
set firewall filter INBOUND term services from destination-address 10.10.10.3/32
set firewall filter INBOUND term services from protocol tcp
set firewall filter INBOUND term services from destination-port 80
set firewall filter INBOUND term services from destination-port 443
set firewall filter INBOUND term services from destination-port 3389
set firewall filter INBOUND term services then accept


but I'm confused how do I know the protocols apply to the IP addresses I want? Can I match a certain protocol to an IP addresses. I'm new to JUNOS so please excuse my ignorance. Does the first destination port apply to the first destination address?

teren

You'll want to set those up as separate terms:

set firewall filter INBOUND term host1 from source-address 0/0
set firewall filter INBOUND term host1 from destination-address 10.10.10.
set firewall filter INBOUND term host1 from destination-port 80
set firewall filter INBOUND term host1 from protocol tcp
set firewall filter INBOUND term host1 then accept
set firewall filter INBOUND term host2 from source-address 0/0
set firewall filter INBOUND term host2 from destination-address 10.10.10.2
set firewall filter INBOUND term host2 from destination-port 443
set firewall filter INBOUND term host2 from protocol tcp
set firewall filter INBOUND term host2 then accept
set firewall filter INBOUND term host3 from source-address 0/0
set firewall filter INBOUND term host3 from destination-address 10.10.10.3
set firewall filter INBOUND term host3 from destination-port 3389
set firewall filter INBOUND term host3 from protocol tcp
set firewall filter INBOUND term host3 then accept

That should do the trick, might want to check to make sure syntax is exact but hopefully you get the idea, if not let me know

Teren

mrblackmamba343 wrote: »

on a cisco router this is how the rule is written

access-list 101 permit tcp any host 10.10.10.1 eq 80
access-list 101 permit tcp any host 10.10.10.2 eq 443
access-list 101 permit tcp any host 10.10.10.3 eq 3389

on a Juniper box

set firewall filter INBOUND term services from source-address 0.0.0.0/0
set firewall filter INBOUND term services from destination-address 10.10.10.1/32
set firewall filter INBOUND term services from destination-address 10.10.10.2/32
set firewall filter INBOUND term services from destination-address 10.10.10.3/32
set firewall filter INBOUND term services from protocol tcp
set firewall filter INBOUND term services from destination-port 80
set firewall filter INBOUND term services from destination-port 443
set firewall filter INBOUND term services from destination-port 3389
set firewall filter INBOUND term services then accept


but I'm confused how do I know the protocols apply to the IP addresses I want? Can I match a certain protocol to an IP addresses. I'm new to JUNOS so please excuse my ignorance. Does the first destination port apply to the first destination address?