[j-nsp] Preventing router from giving up it's IP in traceroutes
Stephen Gill
gillsr at yahoo.com
Wed Feb 12 23:17:38 EST 2003
Have you tried applying it to fxp0?
-- steve
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Phil Rosenthal
Sent: Wednesday, February 12, 2003 7:19 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Preventing router from giving up it's IP in traceroutes
Is there any reliable non-kludge way of making the juniper not send out
time-exceeded responses, or doing it from a consistently incorrect
address?
# show firewall filter route-engine-out
term no-expire-out {
from {
icmp-type time-exceeded;
}
then discard;
}
term allow-rest {
then accept;
}
[edit]
Applying this as an outbound filter on lo0 seems to have no effect.
I could put a filter on all interfaces, but this seems to be too much
work
to maintain...
--Phil
ISPrime
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list