Hello Guys,
I'm willing to block 3000 IPs on an SRX but I'm struggling with the best efficient way to do it.
I trick is block the address-set (address-group) in a policy but I need to define all the 3000 IPs in the address-group.
I'm planning to place all the IPs in a column of excel sheet and then just copy the command with incrementation
set security zones security-zone untrust address-book address Banned-IP-1 88.88.88.88/32
set security zones security-zone untrust address-book address Banned-IP-2 77.77.77.77/32
set security zones security-zone untrust address-book address-set Banned-Group address Banned-IP-1
set security zones security-zone untrust address-book address-set Banned-Group address Banned-IP-2
Does anybody have a better way?
No comments:
Post a Comment