Junos OS


How does the firewall filter work?

  • 1.  How does the firewall filter work?

    Posted 05-05-2018 09:35

     

    firewall {
        filter select-telnet {
            term 1 {
                from {
                    source-address {
                        10.0.0.0/8;
                    }
                }
                then log;
            }
            term 2 {
                from {
                    protocol tcp;
                    port telnet;
                }
                then {
                    syslog;
                    reject;
                }
            }
            term 3 {
                from {
                    source-address {
                        10.1.1.1/32;
                    }
                    protocol tcp;
                    port telnet;
                }
                then {
                    sample;
                    accept;
                }
            }
        }
    }

    A Telnet session is initiated from host 10.1.1.1. What will happen?

     

     

    Thank you very much.



  • 2.  RE: How does the firewall filter work?

    Posted 05-05-2018 10:17

    Telnet connection will be rejected.

     

     

    One piece of advice:

    If you want to learn the technology, start playing with it. This was a very simple one, which you could have tried in the lab.



  • 3.  RE: How does the firewall filter work?
    Best Answer

     
    Posted 05-06-2018 03:37

    ปลาวาฬทราย,

     

    The key to following the path is that terms are evaluated in order.

    The terms stop evaluating when a final action is taken.

     

    In this filter, log is not a final action, so the traffic is logged and we proceed to the next term.

    The second term denies the traffic, which is a final action, so the 3rd term is not evaluated.

     

    Kingsman,

    Not everyone has access to gear or virtualization to create a lab so they rely on books and the kindness of forums.

     



  • 4.  RE: How does the firewall filter work?

    Posted 05-06-2018 06:58

    @Spuluka: I believe Junos olive is free and widely available on the internet. There are hundreds of documents available on the internet which explain how the Junos olive can be used in a home lab environment.

     

    It's all about how we want to learn: you can learn something by asking the question, but you will forget it soon unless you test the feature on your own.

     

    And moreover, it was just advice.

     

     

     



  • 5.  RE: How does the firewall filter work?

    Posted 05-06-2018 07:26

    Hi,

     

    What about syslog command? Will it send a log to a syslog server?

     

    Thank you very much.



  • 6.  RE: How does the firewall filter work?

    Posted 05-06-2018 07:35

    Well, if it's just lab testing, then you can save the syslogs in the message log files.

     

     

    root@R1_re# set system syslog file messages any any

    [edit]
    root@R1_re# run show log messages | last 10
    May 6 07:32:08 R1_re fpc0 PFE_FW_SYSLOG_ETH_IP: FW: ge-0/0/1.0 R 0800 56:68:a3:1a:1d:2d -> 56:68:a3:1a:2a:da tcp 192.168.13.3 192.168.13.1 58982 23 (1 packets)
    May 6 07:32:16 R1_re mgd[57017]: UI_CMDLINE_READ_LINE: User 'root', command 'run show log messages | last 100 '

     



  • 7.  RE: How does the firewall filter work?

     
    Posted 05-07-2018 03:00

    In a firewall filter action:

    log goes to a local file on the Junos device.

    syslog will send to the syslog server configured under system.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-option-logging-packet-headers-filter-actions.html

     



  • 8.  RE: How does the firewall filter work?

    Posted 05-08-2018 08:34

    Hi,

     

    What does the traffic not matching all three terms do?

     

    Thank you very much.



  • 9.  RE: How does the firewall filter work?

    Posted 05-08-2018 09:35

    The implicit-deny rule will hit and traffic will be dropped.



  • 10.  RE: How does the firewall filter work?

    Posted 05-13-2018 03:21

    If I change the configuration to this:

     

    filter select-ip {
        term 1 {
            from {
                source-address {
                    10.0.0.0/24;
                }
            }
            then count countA;
        }
    }

    Packets within the 10.0.0.0/24 subnet will be accepted and counted, right?

     

    Thank you very much.

     



  • 11.  RE: How does the firewall filter work?

     
    Posted 05-13-2018 06:22

    Yes, that is correct.

     

    And if you add interface-specific to the firewall filter, then each interface that has the filter applied will have its own counter instead of a single counter.

     

    https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-filter-option-interface-specific-instances-example.html
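
An added example, not part of any post in this thread: a small Python model of Junos firewall filter evaluation, run against the two filters quoted above (select-telnet and select-ip). It assumes the documented Junos rule that a term whose then clause holds only action modifiers (log, syslog, sample, count) carries an implicit accept unless next term is configured, and that traffic matching no term hits the implicit discard; the dictionary layout, function names and packets are constructed for illustration.

```python
import ipaddress

TERMINATING = {"accept", "reject", "discard"}

# Filters transcribed from the thread. "port" matches source or destination port.
SELECT_TELNET = [
    {"name": "1", "src": ["10.0.0.0/8"], "then": ["log"]},
    {"name": "2", "proto": "tcp", "port": 23, "then": ["syslog", "reject"]},
    {"name": "3", "src": ["10.1.1.1/32"], "proto": "tcp", "port": 23,
     "then": ["sample", "accept"]},
]
SELECT_IP = [{"name": "1", "src": ["10.0.0.0/24"], "then": ["count countA"]}]

def matches(term, pkt):
    """All conditions in a term's from clause must hold; listed prefixes are ORed."""
    if "src" in term:
        addr = ipaddress.ip_address(pkt["src"])
        if not any(addr in ipaddress.ip_network(p) for p in term["src"]):
            return False
    if "proto" in term and term["proto"] != pkt["proto"]:
        return False
    if "port" in term and term["port"] not in (pkt["sport"], pkt["dport"]):
        return False
    return True

def evaluate(terms, pkt):
    """Return (final action, deciding term, [(term, modifier), ...])."""
    applied = []
    for term in terms:
        if not matches(term, pkt):
            continue
        actions = term["then"]
        applied += [(term["name"], a) for a in actions
                    if a not in TERMINATING and a != "next term"]
        if "next term" in actions:
            continue  # explicit flow control: keep evaluating later terms
        final = next((a for a in actions if a in TERMINATING), "accept")
        return final, term["name"], applied  # "accept" default is the implicit one
    return "discard", "implicit", applied  # no term decided: implicit discard

if __name__ == "__main__":
    # Constructed sample packets.
    telnet = {"src": "10.1.1.1", "proto": "tcp", "sport": 40000, "dport": 23}
    other = {"src": "192.168.13.3", "proto": "tcp", "sport": 58982, "dport": 23}
    print(evaluate(SELECT_TELNET, telnet))
    print(evaluate(SELECT_TELNET, other))
    print(evaluate(SELECT_IP, {"src": "10.0.1.5", "proto": "udp", "sport": 53, "dport": 53}))
```

In this model, appending "next term" to term 1's then list makes the packet from 10.1.1.1 continue to term 2, where it is rejected.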