[j-nsp] Firewall filter: Allow ISIS

harry harry at juniper.net
Wed Aug 27 11:31:12 EDT 2003


AFAIK, we do not support filtering of ISO PDUs.



> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Guy Davies
> Sent: Wednesday, August 27, 2003 5:06 AM
> To: 'Mourad BERKANE'; 'Neil Stirling'
> Cc: juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] Firewall filter: Allow ISIS
> 
> 
>   
> -----BEGIN PGP SIGNED MESSAGE----- 
> Hash: SHA1 
> 
> iso filtering is simple.  Just don't enable family iso on an 
> interface and no iso packets will cross the interface :-) 
>   
> Regards, 
>   
> Guy 
> 
> - -----Original Message----- 
> From: Mourad BERKANE [ mailto:mourad.berkane at lambdanet.fr
> <mailto:mourad.berkane at lambdanet.fr> ] 
> Sent: Wednesday, August 27, 2003 12:35 PM 
> To: 'Neil Stirling' 
> Cc: juniper-nsp at puck.nether.net 
> Subject: RE: [j-nsp] Firewall filter: Allow ISIS 
> 
> 
> OSPF run over IP, ISIS not. 
>   
> Do you need to do an ISO filtering? 
>   
> 
>  -----Message d'origine----- 
> De : Neil Stirling [ mailto:neil.stirling at nortelnetworks.com
> <mailto:neil.stirling at nortelnetworks.com> ] 
> Envoyé : mercredi 27 août 2003 13:07 
> À : juniper-nsp at puck.nether.net 
> Objet : [j-nsp] Firewall filter: Allow ISIS 
> 
> 
> 
> All, 
> 
> I'm being a little lazy, but need to know what parameter 
> 'from' is set for matching all ISIS packets in a firewall filter.
> 
> This is obviously applied to the lo0 interface. 
> 
> An OSPF example; 
> 
> term allow-ospf { 
>      from { 
>       source-address { 
>          192.168.2.0/24; 
>          192.168.3.0/24; 
>       } 
>       protocol ospf; 
>      } 
>      then accept; 
> } 
> 
> There is NO 'protocol isis' or 'iso' in release 6.0R1.3. 
> 
> Thanks, Neil. 
> 
> 
> -----BEGIN PGP SIGNATURE----- 
> Version: PGP 8.0 
> 
> iQA/AwUBP0yekI3dwu/Ss2PCEQKEhwCg25P7k0NaWduGYfZrSY/pYxeH340AoO96 
> RG9lgSggRP945yjpcrBEafnG 
> =+xfo 
> -----END PGP SIGNATURE----- 
>   
> 
>   
>   
> 




More information about the juniper-nsp mailing list