[j-nsp] Re: Re: Re: Interfaces, deactivate vs disable

Erdem Sener erdems at gmail.com
Thu Jun 9 17:30:18 EDT 2005


Hi,

 Although what you suggest is wise enough for the last-term aspect, the
question "where to place it between multiple terms?" still remains,
I guess.

 Cheers,
 Erdem

On 6/10/05, Daniel Roesen <dr at cluenet.de> wrote:
> On Thu, Jun 09, 2005 at 04:04:02PM -0400, Phil Shafer wrote:
> > Daniel Roesen writes:
> > >Yep. Another annoyance. Something like "terminal-term" instead of "term
> > >foo" would be nice. Or give the term name "terminal" or "last-resort" some
> > >special meaning.
> >
> > Are you looking for a full term or just an "otherwise"?
> 
> Uhm, what do you mean with "just an 'otherwise'"? Can you give an
> example?
> 
> What I was thinking of was e.g.:
> 
> policy-options {
>    policy-statement bla {
>        term accept-FOO {
>            ...
>        }
>        term accept-BAR {
>            ...
>        }
>        term accept-BAZ {
>            ...
>        }
>        term deny-and-log-rest {
>            then {
>                discard;
>                log;
>                count denied-rest;
>            }
>        }
>    }
> }
> 
> Now I want to add more FROB and QUX acceptance. Every time I have to
> add something I need to do the "set term ..." drill, and always
> remember the final "insert term deny-and-log-rest after
> $LAST_ADDED_TERM". How nice it would be to have
> 
> ...
>        terminal-term deny-and-log-rest {
>            then {
>                discard;
>                log;
>                count denied-rest;
>            }
>        }
> ...
> 
> which would automatically get sorted as the last term in the
> policy/filter.
> 
> I know it's possible for policies by not using "term" but just "then"
> directly in the policy-statement level (which is ugly and makes readers
> scratch their head), but this is not possible with firewall filters.
> 
> 
> Best regards,
> Daniel
> 
> --
> CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
> 


-- 

-erdem
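
A check for the ordering problem discussed in this thread, as an added example that is not part of the original messages: it parses a brace-style policy or filter and reports terms that sit after an unconditional terminating term and are therefore never evaluated. The sample filter, the term name accept-FROB and the list of terminating actions are assumptions made for the illustration.

```python
import re

# Assumption: these actions end evaluation of the policy/filter.
TERMINATING = {"accept", "reject", "discard"}

# Constructed sample: accept-FROB was appended after the catch-all term.
SAMPLE = """
filter bla {
    term accept-FOO { from { protocol tcp; } then accept; }
    term deny-and-log-rest { then { discard; log; count denied-rest; } }
    term accept-FROB { from { protocol udp; } then accept; }
}
"""

def parse_terms(config):
    """Return [(term_name, has_from, then_words)] in configuration order."""
    tokens = re.findall(r"[{};]|[^\s{};]+", config)
    terms, i = [], 0
    while i < len(tokens):
        if tokens[i] != "term" or tokens[i + 2:i + 3] != ["{"]:
            i += 1
            continue
        name, depth, j = tokens[i + 1], 1, i + 3
        has_from, then_words, section = False, set(), None
        while j < len(tokens) and depth:
            tok = tokens[j]
            if tok == "{":
                depth += 1
            elif tok == "}":
                depth -= 1
                section = None if depth == 1 else section
            elif depth == 1 and tok in ("from", "then"):
                section = tok
                has_from = has_from or tok == "from"
            elif tok == ";":
                # A one-line "then accept;" ends at its semicolon.
                section = None if depth == 1 else section
            elif section == "then":
                then_words.add(tok)
            j += 1
        terms.append((name, has_from, then_words))
        i = j
    return terms

def shadowed_terms(config):
    """Return (catch_all_name, [terms placed after it]) or (None, [])."""
    terms = parse_terms(config)
    for idx, (name, has_from, then_words) in enumerate(terms):
        if not has_from and then_words & TERMINATING:
            return name, [t[0] for t in terms[idx + 1:]]
    return None, []
```

Run against a configuration export before commit; a non-empty list means the catch-all term needs to be moved back to the end.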


