Hi
I'm trying to implement access restriction via telnet\ssh to my switch via filter on lo0 interface as explained on this page :
But I'm not succeeding on that with reject command . It is giving me this error:
[edit interfaces lo0 unit 0 family inet]
'filter'
Referenced filter 'local_acl' can not be used as reject not supported on ingress loopback interface
error: configuration check-out failed
Only if I change to 'discard' instead of reject , it giving commit successful but still I can access the switch from any IP !!
why ?
Here is what I configured:
set firewall family inet filter local_acl term terminal_access from address x.x.x.x/32
set firewall family inet filter local_acl term terminal_access from protocol tcp
set firewall family inet filter local_acl term terminal_access from port ssh
set firewall family inet filter local_acl term terminal_access from port telnet
set firewall family inet filter local_acl term terminal_access then accept
set firewall family inet filter local_acl term terminal_access_denied from protocol tcp
set firewall family inet filter local_acl term terminal_access_denied from port ssh
set firewall family inet filter local_acl term terminal_access_denied from port telnet
set firewall family inet filter local_acl term terminal_access_denied then discard
set firewall family inet filter local_acl term default-term then accept
set interfaces lo0 unit 0 family inet filter input local_acl
set interfaces lo0 unit 0 family inet address 127.0.0.1/32