Referring to the exhibit, you want to block HTTP access to Web-Server from the subnet where
Mal-User is located. All other traffic should be permitted.
Which firewall filter configuration do you use?
A.
[edit firewall family inet filter STOP-MAL-USER]
user@router# show
term one {
from {
source-address {
200.200.200.0/24;
}
destination-address {
100.100.100.10/32;
}
protocol tcp;
destination-port http;
}
then accept;
}
term two {
then {
reject;
}
}
B.
[edit firewall family inet filter STOP-MAL-USER]
user@router# show
term one {
from {
source-address {
100.100.100.0/24;
}
destination-address {
200.200.200.1/32;
}
protocol tcp;
destination-port http;
}
then accept;
}
term two {
then {
reject;
}
}
C.
[edit firewall family inet filter STOP-MAL-USER]
user@router# show
term one {
from {
source-address {
100.100.100.0/24;
}
destination-address {
200.200.200.1/32;
}
protocol tcp;
destination-port http;
}
then reject;
}
term two {
then {
accept;
}
}
D.
[edit firewall family inet filter STOP-MAL-USER]
user@router# show
term one {
from {
source-address {
200.200.200.0/24;
}
destination-address {
100.100.100.10/32;
}
protocol tcp;
destination-port http;
}
then reject;
}
term two {
then {
accept;
}
}
Explanation:
D.
[edit firewall family inet filter STOP-MAL-USER]
user@router# show
term one {
from {
source-address {
200.200.200.0/24;
}
destination-address {
100.100.100.10/32;
}
protocol tcp;
destination-port http;
}
then reject;
}
term two {
then {
accept;
}
}