[j-nsp] Multiple prefix-lists
Eric Van Tol
eric at atlantech.net
Mon Mar 7 11:19:50 EST 2005
Never mind, I figured it out. I did, in fact, need another pair of eyes
looking at it. My issue was with the exclusion of a direction for the
prefix-list.
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Eric Van Tol
Sent: Monday, March 07, 2005 11:02 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Multiple prefix-lists
Hi all,
I have a firewall filter which does not seem to be working in 7.0R2.7:
term 0-allow_networks {
    from {
        prefix-list {
            services;
            noc;
        }
    }
    then accept;
}
term 1000-implicit_deny {
    then {
        discard;
    }
}
prefix-list services {
    192.168.0.0/24;
    192.168.25.0/26;
}
prefix-list noc {
    192.168.50.0/24;
}
For some reason, I have an IP address (let's say 192.168.60.6) which
falls outside of any defined prefix in the lists, which is getting
through the firewall filter. If I remove _one_ of the prefix-lists in
the first term (doesn't matter which one), the filter works and the IP
is blocked. Maybe all I need is another pair of eyes looking at this
filter, but for the love of Pete, this filter is so simple, I'll kick
myself if I made a bonehead mistake!
Thanks in advance,
evt
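
Added example, not part of the original thread and not the poster's configuration: a small Python model of the two-term filter above, showing why the direction on a prefix-list match matters. It assumes the Junos match semantics in which a direction-less prefix-list compares against either the source or the destination address, while source-prefix-list and destination-prefix-list compare one field only; the destination addresses are constructed sample values.

```python
import ipaddress

# Prefix lists copied from the post.
PREFIX_LISTS = {
    "services": ["192.168.0.0/24", "192.168.25.0/26"],
    "noc": ["192.168.50.0/24"],
}


def in_lists(addr, names):
    """Return True if addr falls inside any prefix of any named list."""
    ip = ipaddress.ip_address(addr)
    return any(
        ip in ipaddress.ip_network(prefix)
        for name in names
        for prefix in PREFIX_LISTS[name]
    )


def term_matches(keyword, names, src, dst):
    """Model the 'from' clause for one of the three match keywords."""
    if keyword == "source-prefix-list":
        return in_lists(src, names)
    if keyword == "destination-prefix-list":
        return in_lists(dst, names)
    if keyword == "prefix-list":
        # No direction given: a hit on either address field is a match.
        return in_lists(src, names) or in_lists(dst, names)
    raise ValueError("unknown match keyword: " + keyword)


def evaluate(keyword, src, dst, names=("services", "noc")):
    """First-match evaluation of the filter's two terms."""
    if term_matches(keyword, names, src, dst):
        return "accept"   # term 0-allow_networks
    return "discard"      # term 1000-implicit_deny


if __name__ == "__main__":
    # Constructed packet: source outside every list, destination inside 'services'.
    src, dst = "192.168.60.6", "192.168.0.10"
    for kw in ("prefix-list", "source-prefix-list", "destination-prefix-list"):
        print(f"{kw:24} {src} -> {dst}: {evaluate(kw, src, dst)}")
```

When auditing a filter meant to restrict by source, test it with a packet whose source is outside the lists but whose destination is inside them; that case is the one a direction-less match lets through.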