Escolar Documentos
Profissional Documentos
Cultura Documentos
Di Junos
http://iwing.wordpress.com
--------------------------------------------------------
Topology yang digunakan adalah sebagai berikut:
--------------------------------------------------------
--------------------------------------------------------
Contoh konfigurasi IOS software:
--------------------------------------------------------
Router(config)#access-list 110 deny ip host 192.168.10.2 any
Router(config)#access-list 110 permit ip any any
--------------------------------------------------------
Contoh konfigurasi JUNOS software:
--------------------------------------------------------
[edit firewall family inet filter test-blok]
root@cnc2# set term test-blok-iwing from source-address 192.168.10.2/32
root@cnc2# set term test-blok-iwing then reject
root@cnc2# set term accept-all then accept
root@cnc2#
--------------------------------------------------------
Kasus nya adalah, saya ingin memblokir ip host 192.168.10.2,
untuk mengakses ip host 192.168.30.2
--------------------------------------------------------
--------------------------------------------------------
[edit firewall]
root@cnc2# show
family inet {
filter test-blok {
term test-blok-iwing {
from {
source-address {
192.168.10.2/32;
}
}
then {
reject;
}
}
term accept-all {
then accept;
}
}
}
[edit firewall]
root@cnc2#
--------------------------------------------------------
Seperti di IOS, kita bisa meletakan rule nya diarah
inbound atau outbound, pada kasus saya akan saya simpan
di arah outbound int fxp0.0
--------------------------------------------------------
[edit interfaces]
root@cnc2# set fxp0.0 family inet filter output test-blok
root@cnc2#
--------------------------------------------------------
[edit interfaces fxp0 unit 0]
root@cnc2# show
family inet {
filter {
output test-blok;
}
address 192.168.30.1/24;
}
[edit firewall]
root@cnc1#
--------------------------------------------------------
Seperti di IOS, kita bisa meletakan rule nya diarah
inbound atau outbound, pada kasus saya akan saya simpan
di arah inbound int fxp0.0
--------------------------------------------------------
[edit interfaces]
root@cnc1# set fxp0.0 family inet filter input protect-router
root@cnc1#
--------------------------------------------------------
[edit interfaces fxp0 unit 0]
root@cnc1# show
family inet {
filter {
input protect-router;
}
address 192.168.10.1/24;
}