cartman@gw-jsrx240# run show version Hostname: gw-jsrx240 Model: srx240b JUNOS Software Release [12.1X46-D20.5]
cartman@gw-jsrx240# show security nat | display set set security nat source rule-set trust-to-untrust from zone trust set security nat source rule-set trust-to-untrust to zone untrust set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0 set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
cartman@gw-jsrx240# show security nat source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } } }
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 172.16.1.0/27
cartman@gw-jsrx240# show system services dhcp | display set set system services dhcp maximum-lease-time 21600 set system services dhcp default-lease-time 21600 set system services dhcp pool 172.16.1.0/27 address-range low 172.16.1.2 set system services dhcp pool 172.16.1.0/27 address-range high 172.16.1.30 set system services dhcp pool 172.16.1.0/27 router 172.16.1.1 set system services dhcp propagate-settings vlan.0
cartman@gw-jsrx240# show system services dhcp maximum-lease-time 21600; default-lease-time 21600; pool 172.16.1.0/27 { address-range low 172.16.1.2 high 172.16.1.30; router { 172.16.1.1; } } propagate-settings vlan.0;
cartman@gw-jsrx240# run show system services dhcp statistics Packets dropped: Total 0 Messages received: BOOTREQUEST 0 DHCPDECLINE 0 DHCPDISCOVER 0 DHCPINFORM 0 DHCPRELEASE 0 DHCPREQUEST 0 Messages sent: BOOTREPLY 0 DHCPOFFER 0 DHCPACK 0 DHCPNAK 0
cartman@gw-jsrx240# show system services dns | display set set system services dns forwarders 8.8.8.8 set system services dns forwarders 8.8.4.4 set system services dns dns-proxy interface vlan.0 set system services dns dns-proxy cache gw-jsrx240.HOME.local inet 172.16.1.1
cartman@gw-jsrx240# show system services dns forwarders { 8.8.8.8; 8.8.4.4; } dns-proxy { interface { vlan.0; } cache { gw-jsrx240.HOME.local inet 172.16.1.1; } }
cartman@gw-jsrx240# show system name-server | display set set system name-server 172.16.1.1
cartman@gw-jsrx240# show system name-server 172.16.1.1;
cartman@gw-jsrx240# run show system services dns-proxy statistics DNS proxy statistics : Status : enabled IPV4 Queries received : 0 IPV6 Queries received : 0 Responses sent : 0 Queries forwarded : 0 Negative responses : 0 Positive responses : 0 Retry requests : 0 Pending requests : 0 Server failures : 0 Interfaces : vlan.0
cartman@gw-jsrx240# run show system services dns-proxy cache
cartman@gw-jsrx240# run clear system services dns-proxy cache
cartman@gw-jsrx240# show system services ssh | display set set system services ssh root-login deny set system services ssh protocol-version v2 set system services ssh connection-limit 5 set system services ssh rate-limit 5 cartman@gw-jsrx240# show system login | display set set system login retry-options tries-before-disconnect 5 set system login retry-options backoff-threshold 1 set system login retry-options backoff-factor 10 set system login retry-options minimum-time 30 set system login user cartman full-name "FIRST_NAME LAST_NAME" set system login user cartman uid 2000 set system login user cartman class super-user set system login user cartman authentication ssh-rsa "SSH_RSA_PUBLIC_KEY"
cartman@gw-jsrx240# show system services ssh root-login deny; protocol-version v2; connection-limit 5; rate-limit 5; cartman@gw-jsrx240# show system login retry-options { tries-before-disconnect 5; backoff-threshold 1; backoff-factor 10; minimum-time 30; } user cartman { full-name "FIRST_NAME LAST_NAME"; uid 2000; class super-user; authentication { ssh-rsa "SSH_RSA_PUBLIC_KEY"; ## SECRET-DATA } }
cartman@gw-jsrx240# show security screen | display set set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land
cartman@gw-jsrx240# show security screen ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } }
cartman@gw-jsrx240# commit check configuration check succeeds cartman@gw-jsrx240# commit commit complete
Source: https://habr.com/ru/post/229765/
All Articles