Junpier block traffic
The first term is set to match icmp-echo-request traffic destine for the IP address of 192.168.10.1/24.
The second term is to pass (or accept) all other traffic.
Without the second term all traffic not matching the first term would be dropped.
Lastly the filter is applied to an interface on the inbound direction.
R1#set firewall filter LAN-inbound term BLOCK from destination-address 192.168.10.1/24
R1#set firewall filter LAN-inbound term BLOCK from icmp-type echo-request
R1#set firewall filter LAN-inbound term BLOCK then log
R1#set firewall filter LAN-inbound term BLOCK then discard
R1#set firewall filter LAN-inbound term accept-all-else then accept
R1#set interfaces em1 family inet filter input LAN-inbound
No comments:
Post a Comment