\u0427\u0430\u0441\u0442\u043e \u0431\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 «\u043f\u043e\u0434\u0441\u0435\u0442\u0438» \u0438\u043b\u0438 \u043d\u0430\u043e\u0431\u043e\u0440\u043e\u0442 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 IP \u0430\u0434\u0440\u0435\u0441\u0430 \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u043d\u0435\u043a\u0438\u0439 VLAN. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c Firewall Filter.<\/p>\n
\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043c\u044b \u0445\u043e\u0442\u0438\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u0432\u0443\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u043d\u0430\u0448 VLAN.<\/p>\n
\u0421\u043e\u0437\u0434\u0430\u0435\u043c policy, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u044f\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0441\u0430\u043c \u0444\u0438\u043b\u044c\u0442\u0440.<\/p>\n
policy-options {\n prefix-list whitelist-ip {\n 192.168.1.10\/32;\n 192.168.1.10\/32;\n }\n}\nfirewall {\n family inet {\n filter whitelist-ip-allow {\n interface-specific;\n term allow {\n from {\n destination-prefix-list {\n whitelist-ip;\n }\n }\n then accept;\n }\n term other {\n then {\n discard;\n }\n }\n }\n }\n}\n\n<\/pre>\nFirewall filter \u043c\u043e\u0436\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0432 \u0441\u0435\u0431\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e term, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e.<\/span><\/p>\n\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0448\u0430\u0433\u043e\u043c, \u043c\u044b \u043f\u0440\u0438\u043a\u0440\u0443\u0447\u0438\u0432\u0430\u0435\u043c \u0444\u0438\u043b\u044c\u0442\u0440, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u043d\u0430 \u043d\u0430\u0448 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 (VLAN)<\/p>\n
vlan {\n unit 30 {\n family inet {\n filter {\n input whitelist-ip-allow;\n }\n address 10.1.30.1\/24;\n }\n }\n}<\/pre>\n\u0421\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432\u0441\u0435.<\/p>\n","protected":false},"excerpt":{"rendered":"
\u0427\u0430\u0441\u0442\u043e \u0431\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 «\u043f\u043e\u0434\u0441\u0435\u0442\u0438» \u0438\u043b\u0438 \u043d\u0430\u043e\u0431\u043e\u0440\u043e\u0442 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 IP \u0430\u0434\u0440\u0435\u0441\u0430 \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u043d\u0435\u043a\u0438\u0439 VLAN. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c Firewall Filter. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043c\u044b \u0445\u043e\u0442\u0438\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u0432\u0443\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u043d\u0430\u0448 VLAN. \u0421\u043e\u0437\u0434\u0430\u0435\u043c policy, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u044f\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0441\u0430\u043c \u0444\u0438\u043b\u044c\u0442\u0440. policy-options { prefix-list whitelist-ip { 192.168.1.10\/32; 192.168.1.10\/32; […]<\/p>\n","protected":false},"author":1,"featured_media":882,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-421","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-juniper-srx"],"_links":{"self":[{"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=\/wp\/v2\/posts\/421","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=421"}],"version-history":[{"count":13,"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=\/wp\/v2\/posts\/421\/revisions"}],"predecessor-version":[{"id":1053,"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=\/wp\/v2\/posts\/421\/revisions\/1053"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=\/wp\/v2\/media\/882"}],"wp:attachment":[{"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=421"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=421"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vassiliev.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=421"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}