This wasn't the only problem; there are many issues, and that's normal. I've
not read a single lo0 filter in a real network which isn't fundamentally
broken. Trying to tactically address the problems is a waste of time
when a redesign is needed.

On Wed, 18 Mar 2020 at 18:18, Saku Ytti <[email protected]> wrote:
>
> I'm your BGP speaker.
>
> I set SPORT to 179
> I access your SSH port
>
> On Wed, 18 Mar 2020 at 18:16, John Kristoff <[email protected]> wrote:
> >
> > On Wed, 18 Mar 2020 16:02:09 +0000
> > Saku Ytti <[email protected]> wrote:
> >
> > > It is completely broken, you use 'port' so you expose every port in your
> > > system.
> >
> > Ha, OK thanks.  I think that would require some not so easy spoofing
> > unless I'm missing something.  We can convert any statement that just
> > uses port to directional, which I think will require additional rules
> > to tighten it up.  Feel free to submit example configs.
> >
> > John
>
>
>
> --
>   ++ytti



-- 
  ++ytti
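The bug the thread describes, shown as a weak Junos lo0 filter beside a directional one. This is an added example, not a config posted by either participant; the filter names, the peer address 192.0.2.1/32 and the management prefix 198.51.100.0/24 are assumed placeholders, and the `#` lines are annotations rather than configuration.

```junos
# Weak: 'port bgp' matches source OR destination port, so a packet with
# source port 179 passes this term to any local TCP port, SSH included.
set firewall family inet filter PROTECT-RE-WEAK term bgp from protocol tcp
set firewall family inet filter PROTECT-RE-WEAK term bgp from port bgp
set firewall family inet filter PROTECT-RE-WEAK term bgp then accept
set firewall family inet filter PROTECT-RE-WEAK term default then discard

# Corrected: directional matches, each tied to the configured peer.
# bgp-in accepts sessions the peer opens towards us (local port 179).
set firewall family inet filter PROTECT-RE term bgp-in from source-address 192.0.2.1/32
set firewall family inet filter PROTECT-RE term bgp-in from protocol tcp
set firewall family inet filter PROTECT-RE term bgp-in from destination-port bgp
set firewall family inet filter PROTECT-RE term bgp-in then accept
# bgp-return accepts replies to sessions we open (remote port 179),
# and only for packets of an already established handshake.
set firewall family inet filter PROTECT-RE term bgp-return from source-address 192.0.2.1/32
set firewall family inet filter PROTECT-RE term bgp-return from protocol tcp
set firewall family inet filter PROTECT-RE term bgp-return from source-port bgp
set firewall family inet filter PROTECT-RE term bgp-return from tcp-established
set firewall family inet filter PROTECT-RE term bgp-return then accept
# Management access gets its own term, limited to the management prefix.
set firewall family inet filter PROTECT-RE term ssh-mgmt from source-address 198.51.100.0/24
set firewall family inet filter PROTECT-RE term ssh-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-mgmt from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-mgmt then accept
set firewall family inet filter PROTECT-RE term default then discard

# Apply to the loopback so the filter covers traffic destined to the RE.
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

A production lo0 filter needs a term for every other control-plane protocol the box speaks (IGP, ICMP, NTP, and so on); the pattern of source prefix plus directional port match is the same for each.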
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp