Juniper防火墙配置Firewall规则屏蔽或允许访问指定端口
#网络设备 #juniper #网络 以下配置为只有192.168.1.0/24的地址能访问ssh 和 telnet
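set interfaces fe-0/0/7 unit 0 family inet filter input local_acl # apply filter local_acl to packets entering fe-0/0/7; only traffic arriving on this one interface is checked (to cover host-bound traffic on every interface, apply the same filter as input on lo0 unit 0 instead)
set firewall family inet filter local_acl term terminal_access from source-address 192.168.1.0/24 # omit source-address to match any source
set firewall family inet filter local_acl term terminal_access from protocol tcp # omit protocol to match any protocol
set firewall family inet filter local_acl term terminal_access from destination-port ssh # destination-port, not port: `port` matches the source OR the destination port, so it also matches packets whose source port merely happens to be 22/23
set firewall family inet filter local_acl term terminal_access from destination-port telnet # telnet carries credentials in cleartext; drop this line if telnet is not actually needed
set firewall family inet filter local_acl term terminal_access then accept # action: accept, reject or discard
set firewall family inet filter local_acl term terminal_access_denied from protocol tcp # terms are evaluated top-down: this term only sees ssh/telnet traffic not already accepted above
set firewall family inet filter local_acl term terminal_access_denied from destination-port ssh # with `port` here, inbound replies to SSH sessions this device itself opens (source port 22) would be rejected as well
set firewall family inet filter local_acl term terminal_access_denied from destination-port telnet
set firewall family inet filter local_acl term terminal_access_denied then log # record matches in the filter log (show firewall log); add `then syslog` for a persistent record
set firewall family inet filter local_acl term terminal_access_denied then reject # reject answers with an ICMP unreachable; `discard` drops silently
set firewall family inet filter local_acl term default-term then accept # must stay last: a Junos stateless filter ends with an implicit deny, so without this explicit accept all traffic not matched above would be dropped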