set firewall family inet filter RE-Protect term management_permit from source-address 192.168.2.0/24
set firewall family inet filter RE-Protect term management_permit from source-address 172.16.0.1/24
set firewall family inet filter RE-Protect term management_permit from protocol tcp
set firewall family inet filter RE-Protect term management_permit from destination-port telnet
set firewall family inet filter RE-Protect term management_permit from destination-port ssh
set firewall family inet filter RE-Protect term management_permit from destination-port ftp
set firewall family inet filter RE-Protect term management_permit then accept
set firewall family inet filter RE-Protect term management_deny from protocol tcp
set firewall family inet filter RE-Protect term management_deny from destination-port telnet
set firewall family inet filter RE-Protect term management_deny from destination-port ssh
set firewall family inet filter RE-Protect term management_deny from destination-port ftp
set firewall family inet filter RE-Protect term management_deny then reject
set firewall family inet filter RE-Protect term other-permit then accept
The management_permit term matches TCP traffic from the specified source addresses to the SSH, Telnet and FTP ports and accepts it.
The management_deny term matches TCP traffic to the SSH, Telnet and FTP ports from any source not matched by the term above and rejects it.
The other-permit term accepts everything else.
Note: this filter only matches IPv4 (family inet).
Apply it to the lo0 interface
set interfaces lo0 unit 0 family inet filter input RE-Protect
In general, applying the filter to the input direction of lo0.0 is enough for it to take effect globally, because all traffic destined for the Routing Engine passes through lo0.
Verification
show firewall log
Log :
Time      Filter    Action Interface     Protocol    Src Addr                         Dest Addr
15:17:11  pfe       R      ge-0/0/0.0    TCP         192.168.255.1                    192.168.255.2
15:12:04  pfe       R      ge-0/0/0.0    TCP         192.168.255.1                    192.168.255.2
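To check the intent of the filter before committing it, the following added example (not part of the original post, and not a Juniper tool) models the three RE-Protect terms in Python and evaluates sample packets with Junos first-match semantics: within a term, several values of one match type (source addresses, destination ports) are ORed, different match types are ANDed, and the first matching term's terminating action wins. The sample packets are constructed; the 192.168.255.1 source is the one seen rejected in the log above.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Well-known ports behind the Junos port names used in the filter.
PORTS = {"telnet": 23, "ssh": 22, "ftp": 21}

@dataclass
class Term:
    name: str
    action: str                      # terminating action: "accept" or "reject"
    proto: Optional[str] = None      # "tcp" or None (match any protocol)
    src: list = field(default_factory=list)   # IPv4Network list, empty = any
    dports: set = field(default_factory=set)  # destination ports, empty = any

def net(prefix):
    # strict=False reads 172.16.0.1/24 as the 172.16.0.0/24 prefix, the
    # way the filter is intended to match the whole subnet.
    return ipaddress.ip_network(prefix, strict=False)

# Constructed model of the RE-Protect filter from this post, in term order.
RE_PROTECT = [
    Term("management_permit", "accept", "tcp",
         [net("192.168.2.0/24"), net("172.16.0.1/24")], set(PORTS.values())),
    Term("management_deny", "reject", "tcp", [], set(PORTS.values())),
    Term("other-permit", "accept"),
]

def matches(term, src_ip, proto, dport):
    """All configured match types must hold (AND); within one type, any value (OR)."""
    if term.proto and term.proto != proto:
        return False
    if term.src and not any(src_ip in n for n in term.src):
        return False
    if term.dports and dport not in term.dports:
        return False
    return True

def evaluate(filter_terms, src, proto, dport=None):
    """Return (term name, action) of the first matching term, as the PFE would."""
    src_ip = ipaddress.ip_address(src)
    for term in filter_terms:
        if matches(term, src_ip, proto, dport):
            return term.name, term.action
    return None, "discard"  # Junos implicit discard when no term matches

if __name__ == "__main__":
    for pkt in [("192.168.2.10", "tcp", 22), ("192.168.255.1", "tcp", 22),
                ("10.0.0.5", "tcp", 179), ("10.0.0.5", "udp", 22)]:
        print(pkt, "->", evaluate(RE_PROTECT, *pkt))
```

The last two packets show what the filter does not restrict: BGP (TCP 179) and anything non-TCP fall through to other-permit and are accepted.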