address-range low 10.148.2.1 high 10.148.2.32;
port automatic;
}
rule nat-to-wan-rule {
match-direction output;
term private-public-term {
then {
translated {
source-pool public-pool;
translation-type source dynamic;
}
}
}
}
}
service-set wan-service-set {
stateful-firewall-rules to-wan-rule;
stateful-firewall-rules from-wan-rule;
nat-rules nat-to-wan-rule;
interface-service {
service-interface sp-0/0/0;
}
}
[edit]
user@host# show firewall
firewall {
family inet {
filter protect-RE {
term ssh-term {
from {
source-address {
192.168.122.0/24;
}
protocol tcp;
destination-port ssh;
}
then accept;
}
term bgp-term {
from {
source-address {
10.2.1.0/24;
}
protocol tcp;
destination-port bgp;
}
then accept;
}
term discard-rest-term {
then {
log;
syslog;
discard;
Configuring Firewall Filters and NAT
Verifying Firewall Filter Configuration
417