[j-nsp] Re: Re: Interfaces, deactivate vs disable
Daniel Roesen
dr at cluenet.de
Wed Jun 8 13:28:20 EDT 2005
On Wed, Jun 08, 2005 at 01:15:18PM -0400, Eric Van Tol wrote:
> This begs the question, if using a standardized config, such as a
> firewall filter, what should be done when the packets hit that term
> which references the empty prefix-list? should they be accepted or
> denied?
That depends on the context in which the prefix-list is used. And
I disagree with IOS' semantics here.
A prefix-list specifies prefixes which do match when the prefix-list
is being referenced. The natural no-surprises outcome of an empty
prefix-list is (should be) that no prefix matches. If I give you an
empty shopping list you don't come back with all the goods the shop
had to offer, do you? :-)
Best regards,
Daniel
--
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
More information about the juniper-nsp
mailing list