Example: Blocking IP Packets with Incorrectly Formatted Options (CLI)

The following example shows how to configure the ip-bad-option screen to block IP packets with incorrectly formatted options originating from the zone security zone.

To detect and block IP packets with incorrectly formatted IP options:

  1. Configure the ip-bad-option screen:

    user@host# set security screen ids-option ip-bad-option ip bad-option

    Note: Currently this screen option is applicable only to IPv4.

  2. Configure the zone security zone:

    user@host# set security zones security-zone zone screen ip-bad-option
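
The page does not say which checks the screen applies, so the following added example (not Juniper code) shows, as an assumption based on the RFC 791 option layout, what structurally malformed IPv4 options look like. The names check_ipv4_options and build_header and all sample packets are constructed for illustration.

```python
# Added illustration, not Junos code: structural checks per RFC 791.
def check_ipv4_options(packet: bytes) -> list:
    """Return formatting problems found in the IPv4 options area ([] if none)."""
    if len(packet) < 20:
        return ["shorter than the minimum IPv4 header"]
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        return ["not an IPv4 packet"]
    if ihl < 5 or ihl * 4 > len(packet):
        return ["IHL does not describe a header inside the packet"]
    options = packet[20:ihl * 4]
    problems, i = [], 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == 0:        # End of Option List: the rest is padding
            break
        if opt_type == 1:        # No Operation: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            problems.append(f"option {opt_type} at offset {i}: missing length byte")
            break
        opt_len = options[i + 1]  # counts the type and length bytes too
        if opt_len < 2:
            problems.append(f"option {opt_type} at offset {i}: length {opt_len} below 2")
            break
        if i + opt_len > len(options):
            problems.append(f"option {opt_type} at offset {i}: length {opt_len} overruns header")
            break
        i += opt_len
    return problems

def build_header(options: bytes) -> bytes:
    """Constructed IPv4 header (checksum left at zero) carrying `options`."""
    ihl = 5 + len(options) // 4  # options must already be padded to 4 bytes
    fixed = bytes([0x40 | ihl, 0, 0, 20 + len(options), 0, 0, 0, 0,
                   64, 17, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2])
    return fixed + options

# Constructed samples (documentation addresses from 192.0.2.0/24)
GOOD = build_header(bytes([7, 7, 4, 0, 0, 0, 0, 0]))   # Record Route + EOL pad
ZERO_LEN = build_header(bytes([7, 0, 4, 0]))            # length byte of 0
OVERRUN = build_header(bytes([7, 11, 4, 0]))            # claims 11 bytes, 4 present
TRUNCATED = build_header(bytes([1, 1, 1, 7]))           # type byte with no length

if __name__ == "__main__":
    for name in ("GOOD", "ZERO_LEN", "OVERRUN", "TRUNCATED"):
        print(name, check_ipv4_options(globals()[name]) or "well-formed")
```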
