[j-nsp] Multiple prefix-lists
Eric Van Tol
eric at atlantech.net
Mon Mar 7 11:02:00 EST 2005
Hi all,
I have a firewall filter which does not seem to be working in 7.0R2.7:
term 0-allow_networks {
    from {
        prefix-list {
            services;
            noc;
        }
    }
    then accept;
}
term 1000-implicit_deny {
    then {
        discard;
    }
}

prefix-list services {
    192.168.0.0/24;
    192.168.25.0/26;
}
prefix-list noc {
    192.168.50.0/24;
}
For some reason, I have an IP address (let's say 192.168.60.6) which
falls outside of any defined prefix in the lists, which is getting
through the firewall filter. If I remove _one_ of the prefix-lists in
the first term (doesn't matter which one), the filter works and the IP
is blocked. Maybe all I need is another pair of eyes looking at this
filter, but for the love of Pete, this filter is so simple, I'll kick
myself if I made a bonehead mistake!
Thanks in advance,
evt