Intrusion Prevention

  • 1.  Blocking external IPs from accessing router

    Posted 09-20-2010 10:27

    I work with an M10i and I'm trying to set up a blocklist of IPs that are not allowed to authenticate/login to the router. Here is the statement I've added to the firewall portion of the config:

    firewall {
    ...
        filter badnetwork {
            term 1 {
                from {
                    source-address {
                        94.102.9.0/24;
                        67.164.164.0/24;
                        210.212.150.0/24;
                        141.114.173.0/24;
                        184.106.208.8/32;
                        183.179.21.82/32;
                        216.1.26.233/32;
                    }
                }
                then {
                    reject;
                }
            }
            term 2 {
                then accept;
            }
        }
    }

    None of these networks are blocked, however; one of them is my home network's IP and I can still access the router from my home server with no trouble. What am I missing? I'm sure it's simple, but I haven't been able to find my answer online.



  • 2.  RE: Blocking external IPs from accessing router
    Best Answer

    Posted 09-20-2010 19:17

    Hi,


    The logic of the filter looks good. Did you apply it to an application point? Here is some additional info.

    http://www.juniper.net/techpubs/en_US/junos10.3/topics/concept/policy-firewall-filter-components.html

    -John
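    The "application point" John mentions, written out as an added example (this is not the thread's own config, and the counter name badnetwork-hits is made up for illustration). A firewall filter in Junos does nothing until it is attached to an interface. A filter applied to a transit interface only sees traffic entering that interface, so the usual place to protect the router's own management plane (SSH, Telnet, SNMP, etc.) is the loopback interface lo0: traffic addressed to the Routing Engine passes the lo0 input filter no matter which physical port it arrives on. The term is also given a counter so that blocked attempts are visible.

```junos
/* Added example: the poster's filter, with a counter on the blocking term */
firewall {
    family inet {
        filter badnetwork {
            term 1 {
                from {
                    source-address {
                        94.102.9.0/24;
                        67.164.164.0/24;
                        210.212.150.0/24;
                        141.114.173.0/24;
                        184.106.208.8/32;
                        183.179.21.82/32;
                        216.1.26.233/32;
                    }
                }
                then {
                    count badnetwork-hits;   /* constructed counter name */
                    reject;
                }
            }
            /* Keep the final accept: without it the implicit discard at the
               end of the filter would drop all other traffic to the router. */
            term 2 {
                then accept;
            }
        }
    }
}

/* Application point: the loopback, so the filter covers traffic to the
   Routing Engine from every physical interface. */
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input badnetwork;
                }
            }
        }
    }
}
```

    After committing, `show firewall filter badnetwork` lists the counter, so a rising badnetwork-hits value confirms that connections from the listed sources are reaching the filter and being rejected. Note that `reject` answers the sender with an ICMP unreachable message; `discard` silently drops the packet, which is often preferred for unwanted sources.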



  • 3.  RE: Blocking external IPs from accessing router

    Posted 09-21-2010 09:08

    Thanks for responding John. I had not applied it to anything yet, so I applied it to ge-0/1/0 (where our public IP space lives). This didn't do it, however; I can still get to the router from my home address. I guess I've applied it to the wrong interface...



  • 4.  RE: Blocking external IPs from accessing router

    Posted 09-21-2010 09:09

    I just added it to a different interface, the actual uplink, and it's working now. Tyvm.