I need assistance to block (make them disappear) some hops from appearing in a traceroute,
though they are my internal IPs.
See the picture below for a guide. I don't want those hops to appear in a trace (10.90.0.166, 172.16.40.4, 172.16.18).
I'm making use of a Juniper SRX5800.
In the quest, I applied a filter configuration to a trust interface facing my internal network, then noticed I was blocking too much.
See the result below, and this will rather affect troubleshooting when I apply the filter.
Below is my command-line configuration:
set interfaces reth0 unit 412 family inet filter output block-traceroute
set firewall family inet filter block-traceroute term t1 from source-address 0.0.0.0/0
set firewall family inet filter block-traceroute term t1 from protocol icmp
set firewall family inet filter block-traceroute term t1 from icmp-type time-exceeded
set firewall family inet filter block-traceroute term t1 then discard
set firewall family inet filter block-traceroute term accept-else then accept
Basically, below is an example of what I need:
------------------------------
olalekan ajayi
------------------------------