[j-nsp] RE: firewall filter to allow ospf to RE [9:2144]
Hasanga Hendehewa (EPA)
Hasanga.Hendehewa@ericsson.com.au
Wed, 2 Oct 2002 22:17:08 +1000
Hi,
Thanks. Works like a charm.
//Hasanga
>-----Original Message-----
>From: Scott F. Robohn [mailto:scott@robohn.com]
>Sent: Wednesday, 2 October 2002 9:51 PM
>To: Hasanga Hendehewa (EPA)
>Cc: juniper@groupstudy.com
>Subject: Re: firewall filter to allow ospf to RE [9:2144]
>
>
>"from protocol ospf" should be sufficient:
>
>term ospf {
> from protocol ospf;
> then accept;
>}
>
>The "from source-address 0/0" match condition may actually be trying to
>match on that as an actual source address.
>
>HTH,
>Scott
>
>"Hasanga Hendehewa (EPA)" wrote:
>>
>> Hi,
>> I am trying to allow ospf in a firewall filter to be applied to protect the
>> RE. I am having trouble with the setup. I have tried all options stated
>> below, but as soon as I apply any of these to lo0 and clear the OSPF
>> neighbor sessions, the node fails to re-establish the OSPF relationships.
>> What am I doing wrong here?
>>
>> Option#1
>> term ospf {
>>     from {
>>         source-address {
>>             0.0.0.0/0;
>>         }
>>         destination-address {
>>             224.0.0.5/32;
>>         }
>>         protocol ospf;
>>     }
>>     then accept;
>> }
>>
>> Option#2
>> term ospf {
>>     from {
>>         source-address {
>>             0.0.0.0/0;
>>         }
>>         /* interface address towards the neighbor */
>>         destination-address {
>>             xxx.xxx.xxx.xxx/xx;
>>         }
>>         protocol ospf;
>>     }
>>     then {
>>         accept;
>>     }
>> }
>>
>> Option#3
>> term ospf {
>>     from {
>>         source-address {
>>             0.0.0.0/0;
>>         }
>>         protocol ospf;
>>     }
>>     then {
>>         accept;
>>     }
>> }
>>
>> Message Posted at:
>> http://www.groupstudy.com/form/read.php?f=9&i=2144&t=2144
>> --------------------------------------------------
>> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/juniper.html
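
The protocol-only term from the reply, placed in a complete lo0 input filter, as an added example that is not part of the original thread. The filter, term and counter names (protect-re, everything-else, ospf-in, dropped-to-re) are hypothetical; the counters and the logged final discard show whether OSPF packets hit the intended term or fall through.

```junos
firewall {
    family inet {
        filter protect-re {
            /* Match on protocol only, as suggested in the reply */
            term ospf {
                from {
                    protocol ospf;
                }
                then {
                    count ospf-in;
                    accept;
                }
            }
            /* Terms for other permitted control-plane traffic
               (management access, other routing protocols) go here */
            /* Explicit final term: same effect as the implicit discard,
               but counted and logged so drops are visible */
            term everything-else {
                then {
                    count dropped-to-re;
                    log;
                    discard;
                }
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    /* Input filter on lo0 applies to traffic destined to the RE */
                    input protect-re;
                }
            }
        }
    }
}
```

After activating with `commit confirmed`, `show firewall filter protect-re` and `show firewall log` show which term the packets landed in. The final term also drops management sessions to the router unless an earlier term accepts them.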