Hi Ahmed-netsec,
It’s very simple… You MUST always allow what you know/want exclusively and block the rest…
Term 1 – Allow the IP for Interested Specific Subnet [Genuine] for TCP/UDP
Sample: Allow all Trusted IP TTL,
term TTL=1 {
    from {
        source-prefix-list {
            Infra;
        }
        protocol udp;
        ttl 1;
        destination-port 33434-33523;
    }
    then {
        policer 25k_drop;
        accept;
    }
}
Term 2 – Drop the rest of the traffic for any IP
Last Term:
term DENY_R {
    then {
        count deny_others;
        log;
        syslog;
        discard;
    }
}
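
The two terms above placed in a complete filter, as an added example that is not part of the original reply: it supplies the prefix-list and policer the terms reference and shows where further allow terms sit relative to the final discard. The prefix 192.0.2.0/24, the policer rates, the filter name ALLOW_KNOWN, the term names TTL_1 and MGMT_SSH, and the SSH term itself are assumptions.

```junos
# Added example: only Infra, 25k_drop and DENY_R are names from the reply.
policy-options {
    prefix-list Infra {
        # constructed documentation range standing in for the trusted subnet
        192.0.2.0/24;
    }
}
firewall {
    policer 25k_drop {
        if-exceeding {
            # rates assumed from the policer's name
            bandwidth-limit 25k;
            burst-size-limit 1500;
        }
        then discard;
    }
    family inet {
        # hypothetical filter name
        filter ALLOW_KNOWN {
            # traceroute probes from trusted sources, rate-limited
            term TTL_1 {
                from {
                    source-prefix-list { Infra; }
                    protocol udp;
                    ttl 1;
                    destination-port 33434-33523;
                }
                then {
                    policer 25k_drop;
                    accept;
                }
            }
            # hypothetical second allow term: one per wanted flow
            term MGMT_SSH {
                from {
                    source-prefix-list { Infra; }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            # last term: count, log and drop everything not matched above
            term DENY_R {
                then { count deny_others; log; syslog; discard; }
            }
        }
    }
}
```

Terms are evaluated in order and the first match wins, so every flow that must keep working needs its own accept term above DENY_R before the filter is attached anywhere.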