We have a couple of SRX345s as Internet routers that are being bombed with SSH login attempts. We have root-deny configured, and the old login attempt retry-options commands, but the hits keep on coming and fill the logs. I've tried this filter, but it doesn't seem to work. What am I missing?
set policy-options prefix-list ALLOWED-HOSTS 1.2.3.1/32
set policy-options prefix-list ALLOWED-HOSTS 2.2.3.1/32
set policy-options prefix-list ALLOWED-HOSTS 3.2.3.100/32
set firewall family inet filter ALLOWED-SSH term SSH from source-prefix-list ALLOWED-HOSTS except
set firewall family inet filter ALLOWED-SSH term SSH from destination-port ssh
set firewall family inet filter ALLOWED-SSH term SSH from protocol tcp
set firewall family inet filter ALLOWED-SSH term SSH then accept
set firewall family inet filter ALLOWED-SSH term BLOCK-SSH from destination-port ssh
set firewall family inet filter ALLOWED-SSH term BLOCK-SSH from protocol tcp
set firewall family inet filter ALLOWED-SSH term BLOCK-SSH then discard
set firewall family inet filter ALLOWED-SSH term ACCEPT-ALL then accept
set interfaces lo0 unit 0 family inet filter input ALLOWED-SSH
Thanks
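The following is an added worked example, not part of the poster's question or of any Junos code. It models how Junos evaluates the posted lo0 filter: terms are tried top to bottom, a term matches only when all of its from conditions match, and the except keyword on source-prefix-list inverts that prefix-list match. Running the model over three constructed packets (the management host 1.2.3.1 from the poster's prefix list, a made-up scanner address 203.0.113.77, and a BGP session to show that non-SSH traffic still reaches the ACCEPT-ALL term) shows why the filter as posted behaves backwards and what the same filter does with except removed. The term names and prefixes are the poster's; the packet samples and helper names are constructed.

```python
import ipaddress

# The poster's prefix list ALLOWED-HOSTS.
ALLOWED_HOSTS = [ipaddress.ip_network(p)
                 for p in ("1.2.3.1/32", "2.2.3.1/32", "3.2.3.100/32")]

# Constructed sample traffic destined to the router itself (lo0 input filter).
SAMPLE_PACKETS = [
    {"src": "1.2.3.1",      "proto": "tcp", "dport": 22},   # management host
    {"src": "203.0.113.77", "proto": "tcp", "dport": 22},   # SSH brute-force source (constructed)
    {"src": "203.0.113.77", "proto": "tcp", "dport": 179},  # BGP, must not be affected
]


def in_prefix_list(src, prefixes):
    addr = ipaddress.ip_address(src)
    return any(addr in p for p in prefixes)


def build_filter(use_except):
    """Model of filter ALLOWED-SSH in the order the poster configured its terms."""
    return [
        {"name": "SSH", "src_list": ALLOWED_HOSTS, "except": use_except,
         "proto": "tcp", "dport": 22, "action": "accept"},
        {"name": "BLOCK-SSH", "src_list": None, "except": False,
         "proto": "tcp", "dport": 22, "action": "discard"},
        {"name": "ACCEPT-ALL", "src_list": None, "except": False,
         "proto": None, "dport": None, "action": "accept"},
    ]


def evaluate(filter_terms, pkt):
    """Return (term_name, action) of the first matching term.

    Junos applies an implicit discard when no term matches; the poster's
    ACCEPT-ALL term means that never happens here, but it is modelled anyway.
    """
    for term in filter_terms:
        if term["proto"] is not None and pkt["proto"] != term["proto"]:
            continue
        if term["dport"] is not None and pkt["dport"] != term["dport"]:
            continue
        if term["src_list"] is not None:
            hit = in_prefix_list(pkt["src"], term["src_list"])
            # "except" inverts the prefix-list match: the term then matches
            # only sources that are NOT in the list.
            if hit == term["except"]:
                continue
        return term["name"], term["action"]
    return "implicit", "discard"


def verdicts(use_except):
    """Map each sample packet (src, dport) to the action the filter takes."""
    terms = build_filter(use_except)
    return {(p["src"], p["dport"]): evaluate(terms, p)[1] for p in SAMPLE_PACKETS}


if __name__ == "__main__":
    for label, flag in (("as posted (with except)", True), ("except removed", False)):
        print(label)
        for key, action in verdicts(flag).items():
            print(f"  {key[0]:>14} -> port {key[1]:<3} : {action}")
```

With except present, the SSH term matches every source that is not in ALLOWED-HOSTS and accepts it, so the brute-force traffic passes, while the management host falls through to BLOCK-SSH and is discarded. Dropping except from the SSH term gives the intended behaviour: listed hosts are accepted, every other SSH source is discarded by BLOCK-SSH, and other traffic to the routing engine (BGP in the sample) still reaches ACCEPT-ALL. Adding `then count` or `then syslog` alongside `discard` in BLOCK-SSH gives a cheap way to confirm the filter is actually catching the attempts once it is in place.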