I am trying to set up a firewall filter that blocks NTP traffic from all sources except one server on my campus, which has the IP address 10.121.125.101. The commands are below, followed by the resulting configuration changes. After I ran commit confirmed, I could neither ping the EX4200 switch nor reach the J-Web interface. What am I missing?
# Junos set-style commands: define firewall filter "ntp" and attach it as the
# input filter on lo0 unit 0.
# Give the loopback unit the address 127.0.0.1/32.
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
# Term allow-ntp: accept UDP packets whose source port is NTP and whose source
# address is either the campus NTP server (10.121.125.101) or 127.0.0.1.
set firewall family inet filter ntp term allow-ntp from source-address 10.121.125.101
set firewall family inet filter ntp term allow-ntp from source-address 127.0.0.1
set firewall family inet filter ntp term allow-ntp from protocol udp
set firewall family inet filter ntp term allow-ntp from source-port ntp
set firewall family inet filter ntp term allow-ntp then accept
# Term block-ntp: discard any remaining UDP packet whose source port is NTP.
# Only the source port is matched here; a packet sent to the NTP port from
# some other source port does not match this term.
set firewall family inet filter ntp term block-ntp from protocol udp
set firewall family inet filter ntp term block-ntp from source-port ntp
set firewall family inet filter ntp term block-ntp then discard
# NOTE(review): no term follows block-ntp. A Junos filter ends with an implicit
# discard, so every packet not accepted by allow-ntp is dropped by this filter.
# Attach the filter to inbound traffic on lo0 unit 0, i.e. traffic addressed to
# the switch itself (ping, J-Web, SSH and other management protocols included).
set interfaces lo0 unit 0 family inet filter input ntp
[edit interfaces]
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input ntp;
+ }
+ address 127.0.0.1/32;
+ }
+ }
+ }
[edit]
+ firewall {
+ family inet {
+ filter ntp {
+ term allow-ntp {
+ from {
+ source-address {
+ 10.121.125.101/32;
+ 127.0.0.1/32;
+ }
+ protocol udp;
+ source-port ntp;
+ }
+ then accept;
+ }
+ term block-ntp {
+ from {
+ protocol udp;
+ source-port ntp;
+ }
+ then {
+ discard;
+ }
+ }
+ }
+ }
+ }
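Review bot: Filter `ntp` ends after `block-ntp` with no final term, and a Junos firewall filter discards whatever no term has accepted, so with `input ntp` on lo0 every packet addressed to the switch other than the NTP traffic matched by `allow-ntp` is dropped; that is consistent with losing ping and J-Web after the commit. Add a last term such as `set firewall family inet filter ntp term allow-other then accept`, or preferably explicit accept terms for the management protocols and source networks you rely on, followed by a counted or logged discard. Both existing terms also match only `source-port ntp`, which covers replies coming back from a server but not queries sent to the switch's own NTP port from an arbitrary source port. Once a default accept exists those queries would pass, so `block-ntp` should probably use `from port ntp` (or add `destination-port ntp`) if the goal is to keep other hosts from talking NTP to the switch.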