Blocking SSH on Juniper EX series switches

If you have a Juniper EX series network switch and your logs show SSH attempts like the ones below, you can define a firewall filter on the device's loopback address so that only the IP addresses you choose are allowed in.

Nov 21 13:07:04 switch1 inetd[712]: /usr/sbin/sshd[17537]: exited, status 255
Nov 21 13:07:05 switch1 sshd[17539]: Failed password for admin from 190.255.52.209 port 22557 ssh2
Nov 21 13:07:05 switch1 sshd[17540]: Received disconnect from 190.255.52.209: 11: Bye Bye
Nov 21 13:07:06 switch1 inetd[712]: /usr/sbin/sshd[17539]: exited, status 255
Nov 21 13:07:08 switch1 sshd[17541]: Failed password for test from 190.255.52.209 port 22650 ssh2
Nov 21 13:07:09 switch1 sshd[17542]: Received disconnect from 190.255.52.209: 11: Bye Bye
Nov 21 13:07:09 switch1 inetd[712]: /usr/sbin/sshd[17541]: exited, status 255
Nov 21 13:07:15 switch1 sshd[17543]: Failed password for test from 190.255.52.209 port 22712 ssh2
Nov 21 13:07:16 switch1 sshd[17546]: fatal: Read from socket failed: Connection reset by peer

An example filter is shown below.

In the filter you can permit specific source IP ranges, stop the switch from answering ICMP requests, and, if you wish, close off UDP access as well.

set firewall family inet filter loopback-filter term t1 from source-address 192.168.30.0/24
set firewall family inet filter loopback-filter term t1 then accept
set firewall family inet filter loopback-filter term t2 from icmp-type echo-request
set firewall family inet filter loopback-filter term t2 from icmp-type echo-reply
set firewall family inet filter loopback-filter term t2 then discard
set firewall family inet filter loopback-filter term t3 from protocol udp
set firewall family inet filter loopback-filter term t3 then discard
set firewall family inet filter loopback-filter term t4 then discard
set interfaces lo0 unit 0 family inet filter input loopback-filter
commit
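As an added example that is not part of the original post: a Python script that counts the Failed-password lines per source IP (the check worth doing before deciding what to filter) and renders a narrower variant of the filter above, one that restricts only SSH to trusted prefixes and keeps accepting other traffic to the switch, whereas the post's filter discards everything that is not explicitly allowed. The sample log lines, the 192.168.30.0/24 and 10.0.0.0/8 prefixes and the term names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd/syslog format shown in the post (not taken from a real device).
SAMPLE_LOG = """\
Nov 21 13:07:05 switch1 sshd[17539]: Failed password for admin from 190.255.52.209 port 22557 ssh2
Nov 21 13:07:08 switch1 sshd[17541]: Failed password for test from 190.255.52.209 port 22650 ssh2
Nov 21 13:07:15 switch1 sshd[17543]: Failed password for test from 190.255.52.209 port 22712 ssh2
Nov 21 13:08:01 switch1 sshd[17550]: Failed password for invalid user root from 203.0.113.7 port 40112 ssh2
Nov 21 13:09:30 switch1 sshd[17552]: Accepted password for netops from 192.168.30.15 port 51020 ssh2
"""

# OpenSSH prefixes unknown accounts with "invalid user"; the optional group absorbs that.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def failed_logins(log_text):
    """Aggregate failed SSH logins per source IP: {ip: {"count": n, "users": {user: n}}}."""
    stats = defaultdict(lambda: {"count": 0, "users": defaultdict(int)})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins, disconnects and inetd exits are ignored
        user, ip = m.groups()
        stats[ip]["count"] += 1
        stats[ip]["users"][user] += 1
    return {ip: {"count": s["count"], "users": dict(s["users"])} for ip, s in stats.items()}

def loopback_filter(trusted_prefixes, name="loopback-filter"):
    """Render Junos set commands for an lo0 input filter that allows SSH only from the
    trusted prefixes, logs and discards any other SSH, and accepts everything else
    (so routing protocols, DHCP, NTP and SNMP toward the switch keep working)."""
    base = f"set firewall family inet filter {name} term"
    # Several source-address entries in one term are OR-ed together by Junos.
    cmds = [f"{base} ssh-trusted from source-address {p}" for p in trusted_prefixes]
    cmds += [
        f"{base} ssh-trusted from protocol tcp",
        f"{base} ssh-trusted from destination-port ssh",
        f"{base} ssh-trusted then accept",
        f"{base} ssh-deny from protocol tcp",
        f"{base} ssh-deny from destination-port ssh",
        f"{base} ssh-deny then log",
        f"{base} ssh-deny then discard",
        f"{base} allow-rest then accept",
        f"set interfaces lo0 unit 0 family inet filter input {name}",
    ]
    return cmds

if __name__ == "__main__":
    for ip, s in sorted(failed_logins(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip}: {s['count']} failed logins, users tried: {sorted(s['users'])}")
    print("\n".join(loopback_filter(["192.168.30.0/24", "10.0.0.0/8"])))
```

Discarded SSH attempts can then be reviewed with `show firewall log` on the switch instead of only in the sshd syslog messages.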
