[j-nsp] Firewall filter: Allow ISIS
harry
harry at juniper.net
Wed Aug 27 11:31:12 EDT 2003
AFAIK, we do not support filtering of ISO PDUs.
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Guy Davies
> Sent: Wednesday, August 27, 2003 5:06 AM
> To: 'Mourad BERKANE'; 'Neil Stirling'
> Cc: juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Firewall filter: Allow ISIS
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> iso filtering is simple. Just don't enable family iso on an
> interface and no iso packets will cross the interface :-)
>
> Regards,
>
> Guy
>
> - -----Original Message-----
> From: Mourad BERKANE [ mailto:mourad.berkane at lambdanet.fr
> <mailto:mourad.berkane at lambdanet.fr> ]
> Sent: Wednesday, August 27, 2003 12:35 PM
> To: 'Neil Stirling'
> Cc: juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Firewall filter: Allow ISIS
>
>
> OSPF run over IP, ISIS not.
>
> Do you need to do an ISO filtering?
>
>
> -----Message d'origine-----
> De : Neil Stirling [ mailto:neil.stirling at nortelnetworks.com
> <mailto:neil.stirling at nortelnetworks.com> ]
> Envoyé : mercredi 27 août 2003 13:07
> À : juniper-nsp at puck.nether.net
> Objet : [j-nsp] Firewall filter: Allow ISIS
>
>
>
> All,
>
> I'm being a little lazy, but need to know what parameter
> 'from' is set for matching all ISIS packets in a firewall filter.
>
> This is obviously applied to the lo0 interface.
>
> An OSPF example;
>
> term allow-ospf {
> from {
> source-address {
> 192.168.2.0/24;
> 192.168.3.0/24;
> }
> protocol ospf;
> }
> then accept;
> }
>
> There is NO 'protocol isis' or 'iso' in release 6.0R1.3.
>
> Thanks, Neil.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
>
> iQA/AwUBP0yekI3dwu/Ss2PCEQKEhwCg25P7k0NaWduGYfZrSY/pYxeH340AoO96
> RG9lgSggRP945yjpcrBEafnG
> =+xfo
> -----END PGP SIGNATURE-----
>
>
>
>
>
More information about the juniper-nsp
mailing list