https://wassimaouadi.com/tags/micro-lab/ Recent content in Micro-Lab on Hugo en Thu, 04 Jun 2026 21:31:13 +0200 https://wassimaouadi.com/technotes/junosrestrictremoteaccess/ Thu, 04 Jun 2026 21:31:13 +0200 https://wassimaouadi.com/technotes/junosrestrictremoteaccess/ <h1 id="lab-data">Lab Data</h1> <h5 id="topology">Topology</h5> <p>Rocky-Linux &lt;&mdash;&gt; Oob-Router &lt;&ndash;&gt; R1</p> <h5 id="subnets">Subnets</h5> <p>Rocky-Linux: .21 &lt;- 192.168.201.0/24 -&gt; Oob-Router:.1 &lt;- 172.17.81.0/24 -&gt; R1:.42</p> <h1 id="purpose">Purpose</h1> <p>Connecting to R1 from a remote machine using SSH must be restricted to a list of management stations whith authorized IP addresses.</p> <h1 id="sample-configuration">Sample Configuration</h1> <pre tabindex="0"><code>root@R1&gt; show configuration policy-options prefix-list WassimRocky 192.168.201.0/24; root@R1&gt; root@R1&gt; show configuration firewall family inet filter Filter1 term AllowRocky { from { source-prefix-list { WassimRocky; } destination-port ssh; } then accept; } term PreventOthersSSH { from { destination-port ssh; } then { count CountSSHdiscards; discard; } } term AllowOthers { then accept; } root@R1&gt; show configuration interfaces lo0 unit 0 family inet { filter { input Filter1; } address 1.1.1.1/32; } </code></pre>