From Juniper SRX SG NDM Security Technical Implementation Guide
Part of SRG-APP-000516-NDM-000317
Associated with: CCI-000366
The loopback interface is a logical interface and has no physical port. Because the interface and its address ranges are well known, this port must be filtered to protect the Juniper SRX from attacks.
If the loopback interface is not used, this is not applicable.

Verify the loopback interface is protected by firewall filters.

[edit]
show interfaces lo0

If the loopback interface is not configured with IPv6 and IPv4 firewall filters, this is a finding.
If the loopback interface is used, configure firewall filters.

The following is an example of configuring a loopback address with filters on the device. It shows the format of both IPv4 and IPv6 addresses being applied to the interface. The first two commands show firewall filters being applied to the interface.

[edit]
set interfaces lo0 unit 0 family inet filter input protect_re
set interfaces lo0 unit 0 family inet6 filter input protect_re-v6
set interfaces lo0 unit 0 family inet address 1.1.1.250/32
set interfaces lo0 unit 0 family inet6 address 2100::250/128
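The check above can be automated against saved configuration text. The following is an added example, not part of the STIG or of Juniper's tooling: the function name audit_lo0 and the sample inputs are hypothetical, and it assumes the configuration is in set format (as in the fix text, for instance from `show interfaces lo0 | display set`), that "not used" means no lo0 unit/family statements exist, and that only the `filter input <name>` form counts as a filter.

```python
import re

# Set-format statements under lo0, in the same shape as the fix text above.
LO0_LINE = re.compile(r"^set interfaces lo0 unit (\d+) family (inet6?)\s+(.+)$")


def audit_lo0(set_config):
    """Classify lo0 as 'not_applicable', 'pass' or 'finding'."""
    units = {}  # unit number -> {family: input filter name or None}
    for line in set_config.splitlines():
        m = LO0_LINE.match(line.strip())
        if not m:
            continue  # other interfaces and unrelated statements
        unit, family, rest = m.group(1), m.group(2), m.group(3).split()
        families = units.setdefault(unit, {})
        families.setdefault(family, None)
        if len(rest) == 3 and rest[:2] == ["filter", "input"]:
            families[family] = rest[2]
    if not units:
        # Assumption: no lo0 unit statements means the loopback is not used.
        return {"status": "not_applicable", "missing": []}
    # Literal reading of the check: each unit needs an IPv4 AND an IPv6 filter.
    missing = [f"lo0.{unit} family {family}"
               for unit in sorted(units)
               for family in ("inet", "inet6")
               if not units[unit].get(family)]
    return {"status": "finding" if missing else "pass", "missing": missing}


# Constructed sample: the fix text's configuration (expected to pass).
COMPLIANT = """\
set interfaces lo0 unit 0 family inet filter input protect_re
set interfaces lo0 unit 0 family inet6 filter input protect_re-v6
set interfaces lo0 unit 0 family inet address 1.1.1.250/32
set interfaces lo0 unit 0 family inet6 address 2100::250/128
"""

# Constructed sample: IPv6 address present but no IPv6 filter (a finding).
MISSING_V6 = """\
set interfaces lo0 unit 0 family inet filter input protect_re
set interfaces lo0 unit 0 family inet address 1.1.1.250/32
set interfaces lo0 unit 0 family inet6 address 2100::250/128
"""

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("missing_v6", MISSING_V6)):
        print(name, audit_lo0(cfg))
```

The script only confirms that a filter is attached; whether the referenced filter's terms are adequate still has to be reviewed separately.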