[j-nsp] JUNOS Vulnerability
Phil Shafer
phil at juniper.net
Thu Jan 27 13:29:15 EST 2005
Richard A Steenbergen writes:
>... have a simple junoscript based system for pushing out
>new code so that it is easy to manage changes across all routers.
Yah, yah! More junoscript. Rah!
>You probably don't
>want to be sticking random junk in your communities just to work around a
>silly config parser that makes invalid assumptions.
In general, we try to balance against allowing users to do anything
(including creating empty prefix-lists) with helping users avoid
and detect misconfigurations (such as empty prefix-lists ;^). It's
not always an easy call, given that one users's meat is another
user's poison. It's not always an easy call.
In this specific case, it's clearly just a bug. If the UI lets you
make an empty prefix-list, BGP should honor it. It's now PR 56110.
Thanks,
Phil
More information about the juniper-nsp
mailing list