DNS - Block a specific outbound port (53) on a Juniper SRX
I am trying this out on a Juniper SRX550. I want to block outbound port 53 (DNS) from the DHCP pool, except to the name-servers handed out by that DHCP pool (in this case the OpenDNS IPs, though I don't think that is relevant).
set system services dhcp pool 10.0.0.0/24 name-server 208.67.222.222
I have set the name-server, but I have been unable to find a way to block outbound DNS traffic that is not going to the OpenDNS servers. Note that the DHCP name-server option only tells clients which resolver to use; a client that hard-codes another resolver is not stopped by it, so the restriction has to be a security policy.
This is what the DHCP config (under system services dhcp) currently looks like:
/* DHCP scope for 10.0.0.0/24: leases 10.0.0.10-10.0.0.254, both OpenDNS resolvers
   as name-servers, 10.0.0.1 as gateway. This only advertises the resolvers to
   clients; it does not prevent a client from querying another one. */
dhcp {
    pool 10.0.0.0/24 {
        address-range low 10.0.0.10 high 10.0.0.254;
        name-server {
            208.67.222.222;
            208.67.220.220;
        }
        router {
            10.0.0.1;
        }
    }
}
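# Zone policy: permit DNS from the DHCP pool only to the OpenDNS resolvers.
# A from-zone/to-zone policy must carry a "policy <name>" and a "then" action;
# the original lines omitted both and would not commit. The address-book
# entry for the DNS servers must contain BOTH resolvers advertised by DHCP
# (208.67.222.222 and 208.67.220.220), otherwise queries to the second one
# fall through to the global deny below.
set security policies from-zone "name of dhcp range zone" to-zone "name of dns server zone" policy dns_allow_opendns match source-address "name of dhcp range in address list"
set security policies from-zone "name of dhcp range zone" to-zone "name of dns server zone" policy dns_allow_opendns match destination-address "name of dns server in address list"
set security policies from-zone "name of dhcp range zone" to-zone "name of dns server zone" policy dns_allow_opendns match application [ junos-dns-tcp junos-dns-udp ]
set security policies from-zone "name of dhcp range zone" to-zone "name of dns server zone" policy dns_allow_opendns then permit

# Global policy: deny any other DNS flow sourced from the pool. Zone policies
# are evaluated before global policies, so the permit above wins for OpenDNS.
# A policy match needs source-address, destination-address and application;
# destination-address was missing. "deny" drops silently, so clients pointed
# at another resolver will time out; "then reject" would return an ICMP
# unreachable / TCP RST so they fail faster - choose per preference.
# Logging the denied session-init makes hosts that bypass the DHCP-assigned
# resolver visible in the syslog/security log.
set security policies global policy dns_block match source-address "name of dhcp range in address list"
set security policies global policy dns_block match destination-address any
set security policies global policy dns_block match application [ junos-dns-tcp junos-dns-udp ]
set security policies global policy dns_block then deny
set security policies global policy dns_block then log session-init

# Caveat: this only covers plain DNS on port 53. DNS-over-TLS (853/tcp) and
# DNS-over-HTTPS (443/tcp, indistinguishable from normal HTTPS by port alone)
# are not matched by junos-dns-tcp/udp and need separate handling if the goal
# is to force all resolution through OpenDNS.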