Dear SwiNOGers
Thank you for all the off-list answers.
Problem is solved. PEBKAC.
Kind regards,
Viktor
On 30.01.2019 14:43, Viktor Steinmann wrote:
Dear SwiNOGers
I'm new to JunOS. I like this OS so far, but I'm having a hard time securing this stuff...
Something's wrong in my JunOS filters... Basically I want to block everyone from accessing the interface on the router itself, but I want to allow traffic to pass the interface. Somehow that doesn't work. See below the (relevant) configuration parts:
interfaces {
    xe-0/1/2 {
        description blabla;
        vlan-tagging;
    }
    unit 100 {
        description Blabla;
        vlan-id 100;
        family inet {
            filter {
                input INTERFACE-INCOMING;
            }
            address 192.168.1.1/24
        }
    }
}
policy-options {
    prefix-list MYINTERFACE {
        192.168.1.1/32;
    }
}
firewall {
    family inet {
        filter INTERFACE-INCOMING {
            term WAN-ADDRESS {
                from {
                    destination-prefix-list {
                        MYINTERFACE;
                    }
                }
                then {
                    discard;
                }
            }
            term ALLOW-ALL {
                then accept;
            }
        }
    }
}
Anybody with a hint, why this filter doesn't actually block traffic to 192.168.1.1? I can still ping it.
Kind regards,
Viktor
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog