Hello Theredon,
Glad to hear that your issue is resolved. Could you please mark this post as the accepted solution, as it would help other community members to find solution faster if they face the same issue?
The problem:
I'm having a similar issue with an MX104 and no matter what I do with the inet6 filter, it will allow SSH connections from any host. I'm running similar code to the OP Junos: 13.3R8.7. and my firewall appears similar to theirs as well but nothing done has been able to secure SSH or Telnet Session's to the router, even setting the term to straight discard anything destined for the SSH port.
family inet6 {
filter ROUTER-PROTECT-v6 {
term SSH {
from {
source-address {
::/0;
2604:1300:3700:ff::/64 except;
}
payload-protocol tcp;
destination-port ssh;
}
then {
count manage-discard-tcp;
discard;
}
}
term TELNET {
from {
source-address {
::/0;
2604:1300:3700:ff::/64 except;
}
payload-protocol tcp;
destination-port telnet;
}
then {
count manage-discard-tcp;
discard;
}
}
The same setup works fine for IPv4.
And the solution:
As your JUNOS is really old, can you please try replacing payload-protocol with next-header and check if it helps?
Best regards,
Sergii