Juniper / JunOS – Configuring a Filter to Block Telnet and SSH Access

Configuration

  • Configure the Stateless Firewall Filter
  • Apply the Firewall Filter to the Loopback Interface
  • Confirm and Commit Your Candidate Configuration

To quickly configure this example, copy the following commands into a text file, remove any line breaks, and then paste the commands into the CLI at the [edit] hierarchy level.

set firewall family inet filter local_acl term terminal_access from address 192.168.1.0/24
set firewall family inet filter local_acl term terminal_access from protocol tcp
set firewall family inet filter local_acl term terminal_access from port ssh
set firewall family inet filter local_acl term terminal_access from port telnet
set firewall family inet filter local_acl term terminal_access then accept
set firewall family inet filter local_acl term terminal_access_denied from protocol tcp
set firewall family inet filter local_acl term terminal_access_denied from port ssh
set firewall family inet filter local_acl term terminal_access_denied from port telnet
set firewall family inet filter local_acl term terminal_access_denied then log
set firewall family inet filter local_acl term terminal_access_denied then reject
set firewall family inet filter local_acl term default-term then accept
set interfaces lo0 unit 0 family inet filter input local_acl
set interfaces lo0 unit 0 family inet address 127.0.0.1/32

Verify:
show firewall log
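
An added example, not part of the original post: a small Python model of how the local_acl terms are evaluated in order, run against constructed packets. It assumes the Junos semantics that `address` and `port` match either the source or the destination field; 10.0.0.1, 192.168.1.1 and 203.0.113.5 are constructed addresses.

```python
import ipaddress

# Filter terms copied from the page's set commands (lo0 lines omitted).
SET_COMMANDS = ["set firewall family inet filter local_acl term " + s for s in (
    "terminal_access from address 192.168.1.0/24",
    "terminal_access from protocol tcp",
    "terminal_access from port ssh",
    "terminal_access from port telnet",
    "terminal_access then accept",
    "terminal_access_denied from protocol tcp",
    "terminal_access_denied from port ssh",
    "terminal_access_denied from port telnet",
    "terminal_access_denied then log",
    "terminal_access_denied then reject",
    "default-term then accept")]
PORTS = {"ssh": 22, "telnet": 23}  # the two port names this filter uses

def parse_terms(commands):
    """Return terms in configuration order: name -> {'from': {...}, 'then': {...}}."""
    terms = {}
    for cmd in commands:
        name, kind, key, *values = cmd.split()[7:]
        term = terms.setdefault(name, {"from": {}, "then": {}})
        term[kind].setdefault(key, []).extend(values)
    return terms

def matches(cond, src, dst, proto, sport, dport):
    """Match types are ANDed; values of one type are ORed."""
    addrs = [ipaddress.ip_address(src), ipaddress.ip_address(dst)]
    nets = [ipaddress.ip_network(n) for n in cond.get("address", ["0.0.0.0/0"])]
    ports = {PORTS[p] for p in cond.get("port", [])} or {sport, dport}
    return (any(a in n for a in addrs for n in nets)
            and proto in cond.get("protocol", [proto]) and bool(ports & {sport, dport}))

def evaluate(terms, *packet):
    """First matching term wins; returns (term, action, logged)."""
    for name, term in terms.items():
        if matches(term["from"], *packet):
            action = next(a for a in term["then"] if a != "log")
            return name, action, "log" in term["then"]
    return None, "discard", False  # implicit discard when no term matches

TERMS = parse_terms(SET_COMMANDS)
# Constructed packets (src, dst, proto, sport, dport); 10.0.0.1 stands in for the router.
for packet in (("192.168.1.10", "10.0.0.1", "tcp", 40000, 22),
               ("203.0.113.5", "10.0.0.1", "tcp", 40001, 23),
               ("203.0.113.5", "10.0.0.1", "udp", 40002, 161),
               ("203.0.113.5", "192.168.1.1", "tcp", 40003, 22)):
    print(packet, "->", evaluate(TERMS, *packet))
```

The last packet is accepted by terminal_access because `from address` also matches the destination; on a router that owns an address inside 192.168.1.0/24, `source-address` restricts the match to the sender.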
