By Niammuddin Mz
November 24, 2025

Block ssh bruteforce di juniper junos

contoh ip kita 202.0.100.0/24, 202.0.101.0/24 
 port ssh,telnet,snmp masih default

 

set firewall family inet filter LOCAL_ACL term terminal_access from source-address 202.0.100.0/24

set firewall family inet filter LOCAL_ACL term terminal_access from source-address 202.0.101.0/24

set firewall family inet filter LOCAL_ACL term terminal_access from protocol tcp

set firewall family inet filter LOCAL_ACL term terminal_access from destination-port 22

set firewall family inet filter LOCAL_ACL term terminal_access from destination-port 23

set firewall family inet filter LOCAL_ACL term terminal_access then accept

set firewall family inet filter LOCAL_ACL term tcp-estab from protocol tcp

set firewall family inet filter LOCAL_ACL term tcp-estab from tcp-established

set firewall family inet filter LOCAL_ACL term tcp-estab then accept

set firewall family inet filter LOCAL_ACL term terminal_access_denied from protocol tcp

set firewall family inet filter LOCAL_ACL term terminal_access_denied from destination-port 22

set firewall family inet filter LOCAL_ACL term terminal_access_denied from destination-port 23

set firewall family inet filter LOCAL_ACL term terminal_access_denied then log

set firewall family inet filter LOCAL_ACL term terminal_access_denied then reject

set firewall family inet filter LOCAL_ACL term snmp-access from source-address 202.0.100.0/24

set firewall family inet filter LOCAL_ACL term snmp-access from source-address 202.0.101.0/24

set firewall family inet filter LOCAL_ACL term snmp-access from protocol udp

set firewall family inet filter LOCAL_ACL term snmp-access from destination-port snmp

set firewall family inet filter LOCAL_ACL term snmp-access then accept

set firewall family inet filter LOCAL_ACL term snmp-denied from protocol udp

set firewall family inet filter LOCAL_ACL term snmp-denied from destination-port snmp

set firewall family inet filter LOCAL_ACL term snmp-denied then log

set firewall family inet filter LOCAL_ACL term snmp-denied then reject

set firewall family inet filter LOCAL_ACL term default-term then accept


set interfaces lo0 unit 0 family inet filter input LOCAL_ACL

Labels:

Powered By Blogger | Privacy Policy