forked from jcoeder/juniper-configurations
-
Notifications
You must be signed in to change notification settings - Fork 0
/
protect-re-v6.txt
108 lines (94 loc) · 8.42 KB
/
protect-re-v6.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
set firewall family inet6 filter PROTECT_RE_V6 term SYNFLOOD_PROTECT from source-prefix-list ENCORE_INTERNAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term SYNFLOOD_PROTECT from payload-protocol tcp
set firewall family inet6 filter PROTECT_RE_V6 term SYNFLOOD_PROTECT from tcp-flags "(syn & !ack) | fin | rst"
set firewall family inet6 filter PROTECT_RE_V6 term SYNFLOOD_PROTECT then policer POLICE_100K
set firewall family inet6 filter PROTECT_RE_V6 term SYNFLOOD_PROTECT then count PROTECT_RE_V6_SYNFLOOD_PROTECT
set firewall family inet6 filter PROTECT_RE_V6 term SYNFLOOD_PROTECT then accept
set firewall family inet6 filter PROTECT_RE_V6 term SYNFLOOD_PROTECT then syslog
set firewall family inet6 filter PROTECT_RE_V6 term DENY_ICMP_FRAGS from payload-protocol icmp6
set firewall family inet6 filter PROTECT_RE_V6 term DENY_ICMP_FRAGS from extension-header fragment
set firewall family inet6 filter PROTECT_RE_V6 term DENY_ICMP_FRAGS then count PROTECT_RE_V6_DENY_ICMP_FRAGS
set firewall family inet6 filter PROTECT_RE_V6 term DENY_ICMP_FRAGS then log
set firewall family inet6 filter PROTECT_RE_V6 term DENY_ICMP_FRAGS then discard
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_ICMP from payload-protocol icmp6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_ICMP then policer POLICE_1M
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_ICMP then count PROTECT_RE_V6_ALLOW_ICMP
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_ICMP then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_TRACEROUTE from payload-protocol udp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_TRACEROUTE from port 33434-33523
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_TRACEROUTE then policer POLICE_1M
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_TRACEROUTE then count PROTECT_RE_V6_ALLOW_TRACEROUTE
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_TRACEROUTE then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_OSPF from destination-prefix-list LOCALHOST_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_OSPF from destination-prefix-list OSPF_ROUTERS_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_OSPF from destination-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_OSPF from payload-protocol ospf
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_OSPF then count PROTECT_RE_V6_ALLOW_OSPF
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_OSPF then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BGP from source-prefix-list BGP_PEERS_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BGP from source-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BGP from payload-protocol tcp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BGP from port bgp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BGP then count PROTECT_RE_V6_ALLOW_BGP
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BGP then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SSH from source-prefix-list ENCORE_INTERNAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SSH from source-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SSH from payload-protocol tcp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SSH from port ssh
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SSH then count PROTECT_RE_V6_ALLOW_SSH
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SSH then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SSH then syslog
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NETCONF from source-prefix-list ENCORE_INTERNAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NETCONF from source-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NETCONF from payload-protocol tcp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NETCONF from port 830
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NETCONF then count PROTECT_RE_V6_ALLOW_NETCONF
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NETCONF then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NETCONF then syslog
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SNMP from source-prefix-list SNMP_SERVERS_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SNMP from source-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SNMP from payload-protocol udp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SNMP from port snmp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SNMP then policer POLICE_10M
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SNMP then count PROTECT_RE_V6_ALLOW_SNMP
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_SNMP then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP from source-prefix-list LOCALHOST_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP from source-prefix-list NTP_SERVERS_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP from source-prefix-list NTP_SOURCE_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP from source-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP from payload-protocol udp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP from port ntp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP then policer POLICE_32K
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP then count PROTECT_RE_V6_ALLOW_NTP
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_NTP then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS from source-prefix-list DNS_SERVERS_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS from source-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS from payload-protocol udp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS from payload-protocol tcp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS from port domain
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS then policer POLICE_32K
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS then count PROTECT_RE_V6_ALLOW_DNS
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_DNS then syslog
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_VRRP from destination-prefix-list VRRP_ROUTERS_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_VRRP from destination-prefix-list LOCALHOST_DYNAMIC_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_VRRP from destination-prefix-list LINK_LOCAL_V6
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_VRRP from payload-protocol vrrp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_VRRP from payload-protocol ah
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_VRRP then count PROTECT_RE_V6_ALLOW_VRRP
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_VRRP then accept
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BFD from payload-protocol udp
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BFD from port 3784
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BFD from port 4784
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BFD then count PROTECT_RE_V6_ALLOW_BFD
set firewall family inet6 filter PROTECT_RE_V6 term ALLOW_BFD then accept
set firewall family inet6 filter PROTECT_RE_V6 term TCP_ESTABLISHED from payload-protocol tcp
set firewall family inet6 filter PROTECT_RE_V6 term TCP_ESTABLISHED from tcp-established
set firewall family inet6 filter PROTECT_RE_V6 term TCP_ESTABLISHED then policer POLICE_10M
set firewall family inet6 filter PROTECT_RE_V6 term TCP_ESTABLISHED then count PROTECT_RE_V6_TCP_ESTABLISHED
set firewall family inet6 filter PROTECT_RE_V6 term TCP_ESTABLISHED then accept
set firewall family inet6 filter PROTECT_RE_V6 term TCP_ESTABLISHED then syslog
set firewall family inet6 filter PROTECT_RE_V6 term DEFAULT_DENY then count PROTECT_RE_V6_DEFAULT_DENY
set firewall family inet6 filter PROTECT_RE_V6 term DEFAULT_DENY then log
set firewall family inet6 filter PROTECT_RE_V6 term DEFAULT_DENY then discard
set firewall family inet6 filter PROTECT_RE_V6 term DEFAULT_DENY then syslog