Restricting SSH Remote Access to Selected Management Stations
Lab Data
Topology
Rocky-Linux <-> Oob-Router <-> R1
Subnets
Rocky-Linux: .21 <- 192.168.201.0/24 -> Oob-Router: .1 <- 172.17.81.0/24 -> R1: .42
Purpose
SSH access to R1 from remote machines must be restricted to a list of management stations with authorized IP addresses. This is done with a stateless firewall filter applied as input on the loopback interface: SSH is accepted only from sources in a prefix list, SSH from any other source is counted and discarded, and all other traffic is left untouched.
Sample Configuration
root@R1> show configuration policy-options prefix-list WassimRocky
192.168.201.0/24;
root@R1>
root@R1> show configuration firewall family inet filter Filter1
term AllowRocky {
    from {
        source-prefix-list {
            WassimRocky;
        }
        destination-port ssh;
    }
    then accept;
}
term PreventOthersSSH {
    from {
        destination-port ssh;
    }
    then {
        count CountSSHdiscards;
        discard;
    }
}
term AllowOthers {
    then accept;
}
root@R1> show configuration interfaces lo0 unit 0
family inet {
    filter {
        input Filter1;
    }
    address 1.1.1.1/32;
}
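To check that Filter1 does what the Purpose section asks before committing it, the following added Python model (not part of the lab and not Junos code) replays the three terms in Junos first-match order over constructed sample packets. The term, prefix-list and counter names are taken from the configuration above; the packet samples and the helper names are constructed for the example.

```python
import ipaddress

# Prefix lists referenced by the filter, as shown on the page.
PREFIX_LISTS = {"WassimRocky": ["192.168.201.0/24"]}

# Filter1 terms in configured order. Junos evaluates terms top to bottom and
# the first term whose 'from' conditions all match decides the action.
FILTER1 = [
    {"name": "AllowRocky", "source_prefix_list": "WassimRocky",
     "destination_port": 22, "action": "accept"},
    {"name": "PreventOthersSSH", "destination_port": 22,
     "action": "discard", "count": "CountSSHdiscards"},
    {"name": "AllowOthers", "action": "accept"},
]


def term_matches(term, src, dport):
    """All 'from' conditions must match; a term without 'from' matches everything."""
    if "source_prefix_list" in term:
        nets = [ipaddress.ip_network(p) for p in PREFIX_LISTS[term["source_prefix_list"]]]
        if not any(ipaddress.ip_address(src) in n for n in nets):
            return False
    if "destination_port" in term and dport != term["destination_port"]:
        return False
    return True


def evaluate(terms, src, dport, counters):
    """Return (term name, action) for one packet, updating any 'count' actions."""
    for term in terms:
        if term_matches(term, src, dport):
            if "count" in term:
                counters[term["count"]] = counters.get(term["count"], 0) + 1
            return term["name"], term["action"]
    # No explicit term matched: Junos applies an implicit discard at the end.
    return None, "discard"


def run_cases(cases):
    """Evaluate a list of (source IP, destination port) packets against Filter1."""
    counters = {}
    return [evaluate(FILTER1, s, p, counters) for s, p in cases], counters


if __name__ == "__main__":
    # Constructed packets: the management station, the OOB router and an
    # unrelated host trying SSH, plus a non-SSH packet from the OOB router.
    for (src, port), (name, action) in zip(
            [("192.168.201.21", 22), ("172.17.81.1", 22), ("10.9.9.9", 22), ("172.17.81.1", 179)],
            run_cases([("192.168.201.21", 22), ("172.17.81.1", 22), ("10.9.9.9", 22), ("172.17.81.1", 179)])[0]):
        print(f"{src}:{port} -> {name} -> {action}")
```

Running it prints one line per packet: only the 192.168.201.0/24 station reaches AllowRocky, the other two SSH attempts hit PreventOthersSSH and bump CountSSHdiscards, and the BGP-port packet falls through to AllowOthers.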