[j-nsp] Re: Re: Re: Interfaces, deactivate vs disable
Erdem Sener
erdems at gmail.com
Thu Jun 9 17:30:18 EDT 2005
Hi,
Although what you suggest is wise enough on a last term aspect, the
question "where to place it between multiple terms?" still remains,
I guess.
Cheers,
Erdem
On 6/10/05, Daniel Roesen <dr at cluenet.de> wrote:
> On Thu, Jun 09, 2005 at 04:04:02PM -0400, Phil Shafer wrote:
> > Daniel Roesen writes:
> > >Yep. Another annoyance. Something like "terminal-term" instead of "term
> > >foo" would be nice. Or give the term name "terminal" or "last-resort" some
> > >special meaning.
> >
> > Are you looking for a full term or just an "otherwise"?
>
> Uhm, what do you mean with "just an 'otherwise'"? Can you give an
> example?
>
> What I was thinking of was e.g.:
>
> policy-options {
>     policy-statement bla {
>         term accept-FOO {
>             ...
>         }
>         term accept-BAR {
>             ...
>         }
>         term accept-BAZ {
>             ...
>         }
>         term deny-and-log-rest {
>             then {
>                 discard;
>                 log;
>                 count denied-rest;
>             }
>         }
>     }
> }
>
> Now I want to add more FROB and QUX acceptance. Every time I have to
> add something I need to do the "set term ..." drill, and always
> remember the final "insert term deny-and-log-rest after
> $LAST_ADDED_TERM". How nice it would be to have
>
> ...
> terminal-term deny-and-log-rest {
>     then {
>         discard;
>         log;
>         count denied-rest;
>     }
> }
> ...
>
> which would automatically get sorted as last term in the policy/filter
> automatically.
>
> I know it's possible for policies by not using "term" but just "then"
> directly in the policy-statement level (which is ugly and makes readers
> scratch their head), but this is not possible with firewall filters.
>
>
> Best regards,
> Daniel
>
> --
> CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
-erdem
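
A lint for the ordering problem discussed in this thread, as an added example that is not part of the original messages: it flags terms that sit after an unconditional terminating term (the forgotten "insert term ... after" case) and are therefore never evaluated. The filter name `edge-in`, the match conditions and the helper names `parse` and `shadowed_terms` are constructed for illustration, and the parser assumes plain brace-style configuration text.

```python
import re

TERMINATING = {"accept", "discard", "reject"}  # actions that end evaluation

# Constructed sample: accept-FROB was added later and landed after the deny term.
SAMPLE = """
firewall { family inet { filter edge-in {
    term accept-FOO { from { protocol tcp; destination-port 22; } then accept; }
    term deny-and-log-rest { then { discard; log; count denied-rest; } }
    term accept-FROB { from { protocol udp; destination-port 53; } then accept; }
} } }
"""

def parse(tokens, pos=0):
    """Parse brace-style config tokens into [(words, children)] statements."""
    stmts, words = [], []
    while pos < len(tokens):
        tok, pos = tokens[pos], pos + 1
        if tok == "}":
            break
        if tok in ("{", ";"):
            children, pos = parse(tokens, pos) if tok == "{" else ([], pos)
            stmts.append((words, children))
            words = []
        else:
            words.append(tok)
    # A last statement missing its ';' before '}' is still recorded.
    return stmts + ([(words, [])] if words else []), pos

def shadowed_terms(config):
    """Map each filter/policy to the terms placed after its catch-all term."""
    findings = {}
    def walk(stmts, path):
        terminal = False  # becomes True once a match-less terminating term is seen
        for words, children in stmts:
            if words[:1] != ["term"]:
                walk(children, " ".join(words))
            elif terminal:
                findings.setdefault(path, []).append(words[1])
            else:
                matches = any(w[:1] in (["from"], ["to"]) for w, _ in children)
                actions = {a for w, c in children if w[:1] == ["then"]
                           for a in w[1:2] + [cw[0] for cw, _ in c if cw]}
                terminal = not matches and bool(actions & TERMINATING)
    walk(parse(re.findall(r"[{};]|[^\s{};]+", config))[0], "")
    return findings

if __name__ == "__main__":
    print(shadowed_terms(SAMPLE))
```
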