TacticalDonut15

Untitled

Mar 11th, 2025
  1. firewall {
  2. family inet {
  3. filter Protect-RE {
  4. term Permit-Loopback-All {
  5. from {
  6. source-address {
  7. 10.255.255.100/32;
  8. }
  9. }
  10. then accept;
  11. }
  12. term Permit-SSH {
  13. from {
  14. source-address {
  15. 10.10.10.0/24;
  16. 10.10.16.0/24;
  17. 10.20.10.0/24;
  18. 10.20.11.0/30;
  19. 10.34.16.0/23;
  20. 10.37.16.0/23;
  21. }
  22. protocol tcp;
  23. destination-port 22;
  24. }
  25. then accept;
  26. }
  27. term Permit-Telnet {
  28. from {
  29. source-address {
  30. 10.20.10.3/32;
  31. }
  32. protocol tcp;
  33. destination-port 23;
  34. }
  35. then {
  36. count TELNET_COUNTER;
  37. syslog;
  38. accept;
  39. }
  40. }
  41. term Permit-HTTPS {
  42. from {
  43. source-address {
  44. 10.20.10.0/24;
  45. 10.20.11.0/30;
  46. 10.34.16.0/23;
  47. 10.37.16.0/23;
  48. }
  49. protocol tcp;
  50. destination-port 443;
  51. }
  52. then accept;
  53. }
  54. term Permit-RADIUS {
  55. from {
  56. source-address {
  57. 10.20.11.0/30;
  58. }
  59. protocol udp;
  60. source-port [ 1812 1813 ];
  61. }
  62. then accept;
  63. }
  64. term Permit-NTP {
  65. from {
  66. source-address {
  67. 132.163.96.0/30;
  68. }
  69. protocol udp;
  70. destination-port 123;
  71. }
  72. then accept;
  73. }
  74. term Permit-DNS {
  75. from {
  76. source-address {
  77. 10.20.11.0/30;
  78. }
  79. protocol udp;
  80. source-port 53;
  81. }
  82. then accept;
  83. }
  84. term Permit-ICMP-Request {
  85. from {
  86. source-address {
  87. 10.10.10.0/24;
  88. 10.10.16.0/24;
  89. 10.20.10.0/24;
  90. 10.20.11.0/30;
  91. 10.34.16.0/23;
  92. 10.37.16.0/23;
  93. 10.255.253.0/24;
  94. 10.255.254.0/24;
  95. 10.255.255.0/24;
  96. }
  97. protocol icmp;
  98. icmp-type echo-request;
  99. }
  100. then accept;
  101. }
  102. term Permit-ICMP-Reply {
  103. from {
  104. protocol icmp;
  105. icmp-type echo-reply;
  106. }
  107. then accept;
  108. }
  109. term Permit-Syslog {
  110. from {
  111. source-address {
  112. 10.20.10.4/32;
  113. 10.20.10.9/32;
  114. }
  115. protocol udp;
  116. destination-port 514;
  117. }
  118. then accept;
  119. }
  120. term Permit-DHCP {
  121. from {
  122. source-address {
  123. 207.109.2.27/32;
  124. 172.16.0.0/23;
  125. 10.10.15.0/24;
  126. 10.10.20.0/24;
  127. 10.20.0.0/16;
  128. 10.34.0.0/16;
  129. 10.36.0.0/16;
  130. 10.37.0.0/16;
  131. 192.168.1.0/24;
  132. 192.168.2.0/24;
  133. }
  134. protocol udp;
  135. destination-port [ 67 68 ];
  136. }
  137. then accept;
  138. }
  139. term Permit-BGP {
  140. from {
  141. source-address {
  142. 10.255.253.0/24;
  143. 10.255.254.0/24;
  144. }
  145. protocol tcp;
  146. destination-port 179;
  147. }
  148. then accept;
  149. }
  150. term Silent-Discard-LNCB {
  151. from {
  152. destination-address {
  153. 224.0.0.0/24;
  154. }
  155. }
  156. then {
  157. discard;
  158. }
  159. }
  160. term Default-Discard {
  161. then {
  162. count DEFAULT_DISCARD_COUNTER;
  163. syslog;
  164. discard;
  165. }
  166. }
  167. }
  168. }
  169. }