My firewall's software version is as follows:

picclife@XDL-JP3400-HX-F24-02> show version
node0:
--------------------------------------------------------------------------
Hostname:
Model: srx3400
JUNOS Software Release [11.4R7.5]

node1:
--------------------------------------------------------------------------
Hostname:
Model: srx3400
JUNOS Software Release [11.4R7.5]


How can I configure it to restrict specified users from logging in via SSH?



Method 1
Apply it on the interface. 192.168.1.1 is the interface address.

set firewall filter abc term a from source-address 10.1.1.1/32
set firewall filter abc term a from source-address 10.1.1.2/32
set firewall filter abc term a from destination-address 192.168.1.1/32         
set firewall filter abc term a from protocol tcp port telnet
set firewall filter abc term a then accept

set firewall filter abc term b from protocol tcp port telnet
set firewall filter abc term b from destination-address 192.168.1.1/32
set firewall filter abc term b then reject

set firewall filter abc term c then accept
set interfaces ge-0/0/0 unit 0 family inet filter input abc
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24

Apply it on lo
The lo interface also works without an address configured!!!! Firewalls generally don't have one; usually only routers do.

set firewall filter manager term 1 from source-address 100.238.1.90/32
set firewall filter manager term 1 from protocol tcp
set firewall filter manager term 1 from port ssh
set firewall filter manager term 1 from port 80
set firewall filter manager term 1 then accept
set firewall filter manager term 2 from protocol tcp
set firewall filter manager term 2 from port ssh
set firewall filter manager term 2 from port 80
set firewall filter manager term 2 then reject
set firewall filter manager term 3 from source-address 100.238.1.90/32
set firewall filter manager term 3 from protocol udp
set firewall filter manager term 3 from port ntp
set firewall filter manager term 3 then accept
set firewall filter manager term 4 from protocol udp
set firewall filter manager term 4 from port ntp
set firewall filter manager term 4 then reject
set interfaces lo0 unit 0 family inet filter input manager
set interfaces lo0 unit 0 family inet address 100.238.15.29/32



JNCIE-SP, JNCIE-DC, JNCIE-SEC, JNCIE-ENT
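
Added example, not part of the original posts: a small Python model of how Junos evaluates the `manager` filter above (first matching term wins, implicit discard at the end), useful for checking which traffic to the device survives before the filter is bound to lo0. The packet dictionaries and function names are assumptions made for this illustration, and only the match conditions this filter uses are modelled.

```python
import ipaddress
# The "manager" filter from the answer above (constructed copy of its term lines).
FILTER = """\
set firewall filter manager term 1 from source-address 100.238.1.90/32
set firewall filter manager term 1 from protocol tcp
set firewall filter manager term 1 from port ssh
set firewall filter manager term 1 from port 80
set firewall filter manager term 1 then accept
set firewall filter manager term 2 from protocol tcp
set firewall filter manager term 2 from port ssh
set firewall filter manager term 2 from port 80
set firewall filter manager term 2 then reject
set firewall filter manager term 3 from source-address 100.238.1.90/32
set firewall filter manager term 3 from protocol udp
set firewall filter manager term 3 from port ntp
set firewall filter manager term 3 then accept
set firewall filter manager term 4 from protocol udp
set firewall filter manager term 4 from port ntp
set firewall filter manager term 4 then reject
"""
PORTS = {"ssh": 22, "ntp": 123}  # named ports used by this filter

def parse(text):
    # Build {term: {"from": {condition: [values]}, "then": action}} in config order.
    terms = {}
    for line in text.splitlines():
        w = line.split()  # set firewall filter <name> term <term> from|then ...
        term = terms.setdefault(w[5], {"from": {}, "then": None})
        if w[6] == "then":
            term["then"] = w[7]
        else:
            term["from"].setdefault(w[7], []).append(w[8])
    return terms

def matches(cond, values, pkt):
    # Values of one condition are ORed; "port" matches source OR destination port.
    if cond == "source-address":
        return any(ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v) for v in values)
    if cond == "protocol":
        return pkt["proto"] in values
    wanted = {PORTS[v] if v in PORTS else int(v) for v in values}
    return bool(wanted & {pkt["sport"], pkt["dport"]})

def evaluate(terms, pkt):
    # Conditions of a term are ANDed; first matching term decides, else implicit discard.
    for name, term in terms.items():
        if all(matches(c, v, pkt) for c, v in term["from"].items()):
            return name, term["then"]
    return None, "discard"
```

Unlike Method 1, this filter has no final accept term, so anything other than the listed SSH, port 80 and NTP traffic (ICMP from the management host, for example) falls through to the implicit discard. Because `port` also matches the source port, a TCP packet arriving from remote port 22 or 80 is rejected by term 2.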