Question regarding firewall filters

in Juniper
On a Cisco router this is how the rule is written:
access-list 101 permit tcp any host 10.10.10.1 eq 80
access-list 101 permit tcp any host 10.10.10.2 eq 443
access-list 101 permit tcp any host 10.10.10.3 eq 3389
On a Juniper box:
set firewall filter INBOUND term services from source-address 0.0.0.0/0
set firewall filter INBOUND term services from destination-address 10.10.10.1/32
set firewall filter INBOUND term services from destination-address 10.10.10.2/32
set firewall filter INBOUND term services from destination-address 10.10.10.3/32
set firewall filter INBOUND term services from protocol tcp
set firewall filter INBOUND term services from destination-port 80
set firewall filter INBOUND term services from destination-port 443
set firewall filter INBOUND term services from destination-port 3389
set firewall filter INBOUND term services then accept
But I'm confused: how do I know the protocols apply to the IP addresses I want? Can I match a certain protocol to an IP address? I'm new to JUNOS, so please excuse my ignorance. Does the first destination port apply to the first destination address?
Comments
set firewall filter INBOUND term host1 from source-address 0/0
set firewall filter INBOUND term host1 from destination-address 10.10.10.
set firewall filter INBOUND term host1 from destination-port 80
set firewall filter INBOUND term host1 from protocol tcp
set firewall filter INBOUND term host1 then accept
set firewall filter INBOUND term host2 from source-address 0/0
set firewall filter INBOUND term host2 from destination-address 10.10.10.2
set firewall filter INBOUND term host2 from destination-port 443
set firewall filter INBOUND term host2 from protocol tcp
set firewall filter INBOUND term host2 then accept
set firewall filter INBOUND term host3 from source-address 0/0
set firewall filter INBOUND term host3 from destination-address 10.10.10.3
set firewall filter INBOUND term host3 from destination-port 3389
set firewall filter INBOUND term host3 from protocol tcp
set firewall filter INBOUND term host3 then accept
That should do the trick. You might want to check to make sure the syntax is exact, but hopefully you get the idea; if not, let me know.
Teren
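Added example, not part of the thread or either poster's configuration: a small Python model of Junos term matching, assuming that values of the same match condition inside one term are ORed and different conditions are ANDed. It compares the single "services" term from the question with one term per host and lists the address/port pairs each lets through. The function names, the source address 198.51.100.7 and the full host1 address 10.10.10.1 (taken from the Cisco ACL) are assumptions.

```python
# Added example: a small model of how a Junos firewall filter term matches.
# Assumption: within one term, values of the same match condition are ORed and
# different conditions are ANDed; a packet matching no term is discarded.
from ipaddress import ip_address, ip_network
from itertools import product

def term(dst, ports, proto="tcp", src=("0.0.0.0/0",)):
    """Build one term: each key holds the set of values configured for it."""
    return {"src": [ip_network(s) for s in src],
            "dst": [ip_network(d) for d in dst],
            "proto": {proto}, "port": set(ports)}

def term_matches(t, pkt):
    # OR inside each condition, AND across conditions.
    return (any(ip_address(pkt["src"]) in n for n in t["src"])
            and any(ip_address(pkt["dst"]) in n for n in t["dst"])
            and pkt["proto"] in t["proto"]
            and pkt["port"] in t["port"])

def filter_accepts(terms, pkt):
    # Terms are evaluated in order; every term here ends in "then accept".
    return any(term_matches(t, pkt) for t in terms)

HOSTS = ["10.10.10.1", "10.10.10.2", "10.10.10.3"]
PORTS = [80, 443, 3389]

# The single "services" term from the question.
SINGLE_TERM = [term([h + "/32" for h in HOSTS], PORTS)]
# One term per host, as in the reply (host1 address assumed from the ACL).
PER_HOST = [term([h + "/32"], [p]) for h, p in zip(HOSTS, PORTS)]

def accepted(terms):
    """Return the (host, port) pairs the filter lets through."""
    return [(h, p) for h, p in product(HOSTS, PORTS)
            if filter_accepts(terms, {"src": "198.51.100.7", "dst": h,
                                      "proto": "tcp", "port": p})]

def unintended(terms):
    """Pairs accepted by the filter but not permitted by the Cisco ACL."""
    wanted = set(zip(HOSTS, PORTS))
    return [pair for pair in accepted(terms) if pair not in wanted]

if __name__ == "__main__":
    print("single term accepts:", len(accepted(SINGLE_TERM)), "pairs")
    print("  not in the ACL:", unintended(SINGLE_TERM))
    print("per-host terms accept:", accepted(PER_HOST))
```

Under the stated assumption, the single term also accepts pairs such as 10.10.10.1 on port 3389, which the Cisco ACL does not permit.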
[edit policy-options policy-statement direct]
root# show
term connected {
    from {
        protocol direct;
        route-filter 192.168.2.0/24 exact;
    }
}
[edit policy-options policy-statement direct]
root# top edit protocols bgp
[edit protocols bgp]
root# show
group ibgp {
    export direct;
    peer-as 1;
    neighbor 192.168.1.1;
}
Solved my own issue: I was missing a then statement...