Hi Nsylaj
You can use the below example to allow only certain IPs to ssh to the device.
root@QFX#run show firewall
Filter: __default_bpdu_filter__
Filter: VTYACL
Counters:
Name Bytes Packets
VTYACL 3360 24
{master:0}[edit]
root@QFX# show firewall filter VTYACL | display set
set firewall filter VTYACL term TERM1 from source-address 172.29.238.86/32
set firewall filter VTYACL term TERM1 from destination-address 10.219.42.218/32
set firewall filter VTYACL term TERM1 from protocol tcp
set firewall filter VTYACL term TERM1 from destination-port ssh
set firewall filter VTYACL term TERM1 then count VTYACL
set firewall filter VTYACL term TERM1 then log
set firewall filter VTYACL term TERM1 then accept
set firewall filter VTYACL term TERM2 then accept
{master:0}[edit]
root@QFX# show interfaces lo0 | display set
set interfaces lo0 unit 0 family inet filter input VTYACL
set interfaces lo0 unit 0 family inet address 172.16.1.2/32
{master:0}[edit]
root@QFX#