Stateful firewall without function?

Try:

## Accept new connections in one direction and drop everything else:
set firewall ipv4 forward filter default-action drop
set firewall ipv4 forward filter rule 1001 action 'accept'
set firewall ipv4 forward filter rule 1001 source address '10.121.20.200/32'
set firewall ipv4 forward filter rule 1001 destination address '192.168.172.1/32'
set firewall ipv4 forward filter rule 1001 log
set firewall ipv4 forward filter rule 1001 state new

## Accept established/related connections and drop invalid
set firewall global-options state-policy established action accept
set firewall global-options state-policy related action accept
set firewall global-options state-policy invalid action drop
