Dear all, I want to block all TCP incoming traffic on the WAN interface to the LAN interface. When I have set block TCP
with destination address our prefix and source port 1-65535, it blocks internet traffic. If anyone has a rule, please share it with me.
You need to allow established traffic in before you block all ports.
This rule will do what you want, I think (it drops all traffic by default, but allows traffic that's established):
set firewall name WAN-IN default-action 'drop'
set firewall name WAN-IN rule 10 action 'accept'
set firewall name WAN-IN rule 10 description 'Permit Return Traffic from the WAN'
set firewall name WAN-IN rule 10 state established 'enable'
set firewall name WAN-IN rule 10 state related 'enable'
If that doesn’t work as you want, please provide some config and explain what’s not working.
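The rule described in the question beside the corrected ruleset from the reply, as an added example that is not from the original thread. It assumes the VyOS/EdgeOS-style syntax used above, eth0 as the WAN interface and 192.0.2.0/24 as a constructed placeholder for the LAN prefix.

```text
# Added example, not from the thread. eth0 and 192.0.2.0/24 are assumed placeholders.

# --- Rule as described in the question (do not use as-is) ---
# Every TCP packet carries a source port in 1-65535, so this also matches
# the return half of connections the LAN opened, which is why internet access breaks.
set firewall name WAN-IN rule 20 action 'drop'
set firewall name WAN-IN rule 20 protocol 'tcp'
set firewall name WAN-IN rule 20 destination address '192.0.2.0/24'
set firewall name WAN-IN rule 20 source port '1-65535'

# --- Corrected ruleset (replace rule 20 above with the one below) ---
# Rule 10 accepts established/related traffic before anything is dropped,
# so only NEW inbound TCP connections to the LAN prefix are refused.
set firewall name WAN-IN default-action 'drop'
set firewall name WAN-IN rule 10 action 'accept'
set firewall name WAN-IN rule 10 description 'Permit return traffic from the WAN'
set firewall name WAN-IN rule 10 state established 'enable'
set firewall name WAN-IN rule 10 state related 'enable'
set firewall name WAN-IN rule 20 action 'drop'
set firewall name WAN-IN rule 20 description 'Drop new inbound TCP to the LAN prefix'
set firewall name WAN-IN rule 20 protocol 'tcp'
set firewall name WAN-IN rule 20 destination address '192.0.2.0/24'
set firewall name WAN-IN rule 20 state new 'enable'
set firewall name WAN-IN rule 20 log 'enable'

# A ruleset does nothing until it is attached to the WAN interface's inbound direction.
set interfaces ethernet eth0 firewall in name 'WAN-IN'
commit
save
```

After committing, `show firewall name WAN-IN statistics` shows per-rule packet counters, so you can confirm rule 10 is matching the return traffic and rule 20 only the new connections.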
My BGP is established with the WAN interface, and my LAN interface is a tunnel interface.
I want to block all TCP ports on my IPs that are working on the tunnel interface with BGP.