Learning to Configure a Simple Firewall Filter in Junos
http://iwing.wordpress.com

--------------------------------------------------------
The topology used is as follows:
--------------------------------------------------------

--------------------------------------------------------
Example IOS software configuration:
--------------------------------------------------------
Router(config)#access-list 110 deny ip host 192.168.10.2 any
Router(config)#access-list 110 permit ip any any
--------------------------------------------------------
Example JUNOS software configuration:
--------------------------------------------------------
[edit firewall family inet filter test-blok]
root@cnc2# set term test-blok-iwing from source-address 192.168.10.2/32
root@cnc2# set term test-blok-iwing then reject
root@cnc2# set term accept-all then accept
root@cnc2#
--------------------------------------------------------
The case: I want to block host 192.168.10.2
from accessing host 192.168.30.2
--------------------------------------------------------
--------------------------------------------------------
[edit firewall]
root@cnc2# show
family inet {
    filter test-blok {
        term test-blok-iwing {
            from {
                source-address {
                    192.168.10.2/32;
                }
            }
            then {
                reject;
            }
        }
        term accept-all {
            then accept;
        }
    }
}

[edit firewall]
root@cnc2#
--------------------------------------------------------
As in IOS, the rule can be applied in the inbound or
outbound direction; in my case I will apply it in the
outbound direction on interface fxp0.0
--------------------------------------------------------
[edit interfaces]
root@cnc2# set fxp0.0 family inet filter output test-blok
root@cnc2#
--------------------------------------------------------
[edit interfaces fxp0 unit 0]
root@cnc2# show
family inet {
    filter {
        output test-blok;
    }
    address 192.168.30.1/24;
}

[edit interfaces fxp0 unit 0]
root@cnc2#
--------------------------------------------------------
The result is:
--------------------------------------------------------
--------------------------------------------------------
Second case: I want to block the telnet service to router
cnc2 from network 192.168.10.0/24; I will try creating
the rule on router cnc1
--------------------------------------------------------
Example IOS software configuration:
--------------------------------------------------------
Router(config)#access-list 120 deny tcp any host 192.168.20.2 eq telnet
Router(config)#access-list 120 deny tcp any host 192.168.30.1 eq telnet
Router(config)#access-list 120 deny tcp any host 2.2.2.2 eq telnet
Router(config)#access-list 120 permit ip any any
--------------------------------------------------------
Example JUNOS software configuration:
--------------------------------------------------------
[edit firewall family inet filter protect-router]
root@cnc1# set term block-cli-access from destination-address 192.168.20.2/32
root@cnc1# set term block-cli-access from destination-address 192.168.30.1/32
root@cnc1# set term block-cli-access from destination-address 2.2.2.2/32
root@cnc1# set term block-cli-access from protocol tcp
root@cnc1# set term block-cli-access from destination-port telnet
root@cnc1# set term block-cli-access then reject
root@cnc1# set term allow-others then accept
root@cnc1#
--------------------------------------------------------
[edit firewall]
root@cnc1# show
family inet {
    filter protect-router {
        term block-cli-access {
            from {
                destination-address {
                    192.168.20.2/32;
                    2.2.2.2/32;
                    192.168.30.1/32;
                }
                protocol tcp;
                destination-port telnet;
            }
            then {
                reject;
            }
        }
        term allow-others {
            then accept;
        }
    }
}

[edit firewall]
root@cnc1#
--------------------------------------------------------
As in IOS, the rule can be applied in the inbound or
outbound direction; in my case I will apply it in the
inbound direction on interface fxp0.0
--------------------------------------------------------
[edit interfaces]
root@cnc1# set fxp0.0 family inet filter input protect-router
root@cnc1#
--------------------------------------------------------
[edit interfaces fxp0 unit 0]
root@cnc1# show
family inet {
    filter {
        input protect-router;
    }
    address 192.168.10.1/24;
}

[edit interfaces fxp0 unit 0]
root@cnc1#
--------------------------------------------------------
The result is as follows:
--------------------------------------------------------
--------------------------------------------------------
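The two filters above, modelled in Python as an added example (not part of the original post and not Junos code). It shows first-match term evaluation, AND across the conditions of one term, OR across the values of one condition, and the implicit discard that makes the final accept term necessary. The evaluate() helper, the data layout and the sample packets are constructed assumptions.

```python
# Added illustration: a minimal model of how a Junos firewall filter evaluates terms.
# evaluate() and the tuple/dict layout are hypothetical helpers, not vendor code.
from ipaddress import ip_address, ip_network

# The two filters from this page, transcribed as (term name, from, then).
TEST_BLOK = [
    ("test-blok-iwing", {"source-address": ["192.168.10.2/32"]}, "reject"),
    ("accept-all", {}, "accept"),
]
PROTECT_ROUTER = [
    ("block-cli-access",
     {"destination-address": ["192.168.20.2/32", "2.2.2.2/32", "192.168.30.1/32"],
      "protocol": ["tcp"], "destination-port": [23]},  # telnet = TCP/23
     "reject"),
    ("allow-others", {}, "accept"),
]

def _matches(cond, values, pkt):
    # Several values under one condition are alternatives (logical OR).
    if cond == "source-address":
        return any(ip_address(pkt["src"]) in ip_network(v) for v in values)
    if cond == "destination-address":
        return any(ip_address(pkt["dst"]) in ip_network(v) for v in values)
    if cond == "protocol":
        return pkt["proto"] in values
    if cond == "destination-port":
        return pkt.get("dport") in values
    raise ValueError(f"unsupported match condition: {cond}")

def evaluate(filter_terms, pkt):
    """Return (term_name, action) for the first term whose conditions all match."""
    for name, conds, action in filter_terms:
        # Every condition in a 'from' block must match (logical AND);
        # a term with no 'from' block matches every packet.
        if all(_matches(c, v, pkt) for c, v in conds.items()):
            return name, action
    # No term matched: Junos applies an implicit discard at the end of a filter.
    return None, "discard"

# Constructed sample packets; 192.168.30.50 is a made-up host on the cnc2 LAN.
blocked_host = {"src": "192.168.10.2", "dst": "192.168.30.2", "proto": "icmp"}
other_dst = {"src": "192.168.10.2", "dst": "192.168.30.50", "proto": "icmp"}
telnet_to_cnc2 = {"src": "192.168.10.2", "dst": "192.168.20.2", "proto": "tcp", "dport": 23}
ssh_to_cnc2 = {"src": "192.168.10.2", "dst": "192.168.20.2", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    for flt, pkt in [(TEST_BLOK, blocked_host), (TEST_BLOK, other_dst),
                     (PROTECT_ROUTER, telnet_to_cnc2), (PROTECT_ROUTER, ssh_to_cnc2)]:
        print(pkt, "->", evaluate(flt, pkt))
```

Because test-blok matches on source address only, the model rejects 192.168.10.2 toward every destination behind that interface, not just 192.168.30.2; adding a destination-address condition to the term would narrow it to the single host.
--------------------------------------------------------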
That's all for now; hopefully this is useful. If anything is wrong,
please let me know "CMIIW"
