[j-nsp] Sample configuration of Juniper M7i
ganesh nagpure
2006-06-12 12:59:45 UTC
Hi all,


Does anyone have a sample configuration for a Juniper M7i
router? I require a configuration for protecting the
Ethernet and fxp IP addresses from telnet and ftp.


Thanks & Regards
Ganesh

George Yalamov
2006-06-12 13:15:41 UTC
Hi, hope this will help

show policy-options

prefix-list SSH-Permit-Addresses {
    x.x.x.x/16;
}
prefix-list SNMP-Permit-Addresses {
    x.x.x.x/16;
}
prefix-list NTP-Servers {
    127.0.0.1/32;
    x.x.x.x/16;
}
prefix-list TACACS-Servers {
    x.x.x.x/16;
}
prefix-list DNS-Servers {
    x.x.x.x/16;
}
prefix-list LDP-Neighbor {
    apply-path "protocols ldp session <*>";
}
prefix-list LDP-Neighbor-L2-Circ {
    apply-path "protocols l2circuit neighbor <*>";
}
prefix-list BGP-Neighbor-Routing-Instance {
    apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>";
}
prefix-list BGP-Neighbor {
    apply-path "protocols bgp group <*> neighbor <*>";
}



show firewall

family inet {
    filter Permit-To-RE {
        term icmp-policer {
            from {
                protocol icmp;
            }
            then policer icmp-10m;
        }
        term tcp-control-protection {
            from {
                source-address {
                    0.0.0.0/0;
                }
                protocol tcp;
                tcp-flags "(syn & !ack) | fin | rst";
            }
            then policer tcp-control-1m;
        }
        term Permit-NOC-SSH {
            from {
                source-prefix-list {
                    SSH-Permit-Addresses;
                }
                protocol tcp;
                destination-port ssh;
            }
            then accept;
        }
        term Deny-SSH {
            from {
                protocol tcp;
                destination-port ssh;
            }
            then {
                count Deny-SSH-Packets;
                log;
                syslog;
                discard;
            }
        }
        term Permit-NOC-SNMP {
            from {
                source-prefix-list {
                    SNMP-Permit-Addresses;
                }
                protocol udp;
                destination-port snmp;
            }
            then accept;
        }
        term Deny-SNMP {
            from {
                protocol udp;
                destination-port snmp;
            }
            then {
                count Deny-SNMP-Packets;
                log;
                syslog;
                discard;
            }
        }
        term Permit-NTP-Server {
            from {
                source-prefix-list {
                    NTP-Servers;
                }
                protocol [ udp tcp ];
                port ntp;
            }
            then accept;
        }
        term Deny-NTP {
            from {
                protocol [ udp tcp ];
                port ntp;
            }
            then {
                count Deny-NTP-Packets;
                log;
                syslog;
                discard;
            }
        }
        term Permit-TACACS-Servers {
            from {
                source-prefix-list {
                    TACACS-Servers;
                }
                protocol tcp;
                port tacacs;
            }
            then accept;
        }
        term Deny-TACACS {
            from {
                protocol tcp;
                port tacacs;
            }
            then {
                count Deny-TACACS-Packets;
                log;
                syslog;
                discard;
            }
        }
        term Permited-BGP-Neighbor {
            from {
                source-prefix-list {
                    BGP-Neighbor;
                    BGP-Neighbor-Routing-Instance;
                }
                protocol tcp;
                destination-port bgp;
            }
            then accept;
        }
        term Deny-BGP-Neighbor {
            from {
                protocol tcp;
                destination-port bgp;
            }
            then {
                count Deny-BGP-Packet;
                log;
                syslog;
                discard;
            }
        }
        term Permited-LDP-Neighbor {
            from {
                source-prefix-list {
                    LDP-Neighbor;
                    LDP-Neighbor-L2-Circ;
                }
                protocol tcp;
                destination-port ldp;
            }
            then accept;
        }
        term Deny-LDP {
            from {
                protocol tcp;
                destination-port ldp;
            }
            then {
                count Deny-LDP-Packets;
                log;
                syslog;
                discard;
            }
        }
        term Permit-All {
            then {
                count All-Permitted-Packets-to-RE;
                accept;
            }
        }
    }
}

show interfaces lo0

unit 0 {
    family inet {
        filter {
            input Permit-To-RE;
        }
        address y.y.y.y/32 {
            primary;
        }
        address 127.0.0.1/32;
    }
    family iso {
        address 49.0000.1111.2222.3333.00;
    }
}


Regards,
George
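Two points to check before deploying George's filter, shown as an added example that is not part of his post or the thread: the filter ends in Permit-All, so the telnet and ftp that Ganesh asked about are still accepted, and the two policers it names (icmp-10m, tcp-control-1m) are not shown. The fragment below, in the same display format, defines those policers, adds a Deny-Telnet-FTP term to sit before Permit-All, and adds "next term" to the SYN/FIN/RST policer term, because a Junos term whose then clause has no terminating action accepts the packet. Bandwidth values are taken from the policer names; the burst sizes are assumptions.

```junos
/* Added example, not George's config. Bandwidth follows the policer
   names; burst sizes are assumed and must be sized for the platform. */
policer icmp-10m {
    if-exceeding {
        bandwidth-limit 10m;
        burst-size-limit 100k;
    }
    then discard;
}
policer tcp-control-1m {
    if-exceeding {
        bandwidth-limit 1m;
        burst-size-limit 50k;
    }
    then discard;
}
family inet {
    filter Permit-To-RE {
        /* Police SYN/FIN/RST and keep evaluating. A term whose then clause
           has no terminating action accepts the packet, so without
           "next term" a SYN to port 22 from outside SSH-Permit-Addresses
           is accepted here and never reaches Deny-SSH. */
        term tcp-control-protection {
            from {
                protocol tcp;
                tcp-flags "(syn & !ack) | fin | rst";
            }
            then {
                policer tcp-control-1m;
                next term;
            }
        }
        /* George's Permit- and Deny- service terms go here, unchanged. */
        /* Ganesh's requirement: discard telnet and ftp to the RE from any
           source. Terms match first-hit, so this must precede Permit-All. */
        term Deny-Telnet-FTP {
            from {
                protocol tcp;
                destination-port [ telnet ftp ];
            }
            then {
                count Deny-Telnet-FTP-Packets;
                syslog;
                discard;
            }
        }
        /* term Permit-All follows, unchanged from George's filter. */
    }
}
```

The lo0 input filter governs traffic destined to the Routing Engine; if you want the fxp0 management address covered explicitly, the same filter can also be applied as a family inet input filter under fxp0 unit 0.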
Saku Ytti
2006-06-12 14:23:23 UTC
On (2006-06-12 16:15 +0300), George Yalamov wrote:

AFI jumping doesn't make JNPR very happy.

apply-path "protocols bgp group <*> neighbor <*.*>";
apply-path "protocols bgp group <*> neighbor <*:*>";

Is probably slightly better way to go.
Post by George Yalamov
prefix-list LDP-Neighbor {
    apply-path "protocols ldp session <*>";
}
prefix-list LDP-Neighbor-L2-Circ {
    apply-path "protocols l2circuit neighbor <*>";
}
prefix-list BGP-Neighbor-Routing-Instance {
    apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>";
}
prefix-list BGP-Neighbor {
    apply-path "protocols bgp group <*> neighbor <*>";
}
--
++ytti
a.dhingra
2006-06-12 14:13:56 UTC
Ganesh,
Try the JunOS security Template:

http://www.cymru.com/gillsr/documents/junos-template.pdf

It's pretty good...

Thanks
Anand




Doug Marschke
2006-07-01 12:23:47 UTC
I am receiving these errors on my J-series box when trying to bring up an
Ethernet interface. The interfaces say up and BGP sessions can be established,
but a ping to the interface addresses doesn't work. Very strange... any
ideas?

Here are the messages in my log:

Jul 1 19:48:18 JNCIE-Proctor fpc2: IFFPC: 'IFD media configuration'
(opcode 13) failed
Jul 1 19:48:18 JNCIE-Proctor fpc2: ifd 156; does not exist
Jul 1 19:48:18 JNCIE-Proctor /kernel: if_pfe: Error 8 (No IFD) on IF
command 13 (IFD mconfig)
Jul 1 19:48:18 JNCIE-Proctor /kernel: if_pfe: Error 8 (No IFD) on IF
command 55 (Ether set boolean)
Jul 1 19:48:18 JNCIE-Proctor last message repeated 2 times
Jul 1 19:48:18 JNCIE-Proctor /kernel: if_pfe: Error 8 (No IFD) on IF
command 54 (Ether set uint8)
Jul 1 19:48:18 JNCIE-Proctor fpc2: IFFPC: 'IFD Ether boolean set' (opcode
55) failed
Jul 1 19:48:18 JNCIE-Proctor fpc2: ifd 156; does not exist
Jul 1 19:48:18 JNCIE-Proctor fpc2: IFFPC: 'IFD Ether boolean set' (opcode
55) failed
Jul 1 19:48:18 JNCIE-Proctor fpc2: ifd 156; does not exist
Jul 1 19:48:18 JNCIE-Proctor fpcshow 2: IFFPC: 'IFD Ether boolean set'
(opcode 55) failed
Jul 1 19:48:18 JNCIE-Proctor fpc2: ifd 156; does not exist
Jul 1 19:48:18 JNCIE-Proctor fpc2: IFFPC: 'IFD Ether uint8 set' (opcode
54) failed
Jul 1 19:48:18 JNCIE-Proctor fpc2: ifd 156; does not exist

lab at JNCIE-Proctor> show bgp summary
Groups: 8 Peers: 10 Down peers: 2
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Damped...
192.2.36.1 65221 35 35 0 1 9:10
Establ
POD3.inet.0: 1/35/0

ab at JNCIE-Proctor> ping 192.2.36.1 routing-instance POD3
PING 192.2.36.1 (192.2.36.1): 56 data bytes
^C
--- 192.2.36.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
Erdem Sener
2006-07-01 12:59:42 UTC
Hi,

Can you provide a little bit more information, such as whether you have all
the necessary interface licences enabled? Which version of JUNOS
are you running? Which interface does ifd156 correspond to?
--
Erdem