The filter above will deny all traffic to address 172.16.100.2/32.
In filters once a match occurs all processing stops.
So to allow icmp to 172.16.100.2/32 you would need an accept term just for icmp followed by the reject term above.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home------------------------------
Original Message:
Sent: 04-26-2024 02:37
From: demetri stanley
Subject: Allow icmp packets in the filter
Hello,
I wrote a filter for a constraint as follows
set interfaces ae0 unit 0 family inet filter input closedaccess
set firewall family inet filter closedaccess term access from source-address 192.168.1.2/32
set firewall family inet filter closedaccess term access then accept
set firewall family inet filter closedaccess term access_denied from destination-address 172.16.100.2/32
set firewall family inet filter closedaccess term access_denied then reject
set firewall family inet filter closedaccess term default-term then accept
When I added the term for icmp accept, I couldn't get it to work, how do I accept all icmp requests from outside?
------------------------------
demetri stanley
------------------------------