[j-nsp] Firewall port range in 7.3
Niels Bakker
niels=juniper-nsp at bakker.net
Tue Oct 18 11:11:41 EDT 2005
This:
---
niels at junix> show configuration firewall family inet filter SOMETHING term allow-ephemeral-ports
from {
protocol [ tcp udp ];
destination-port-except [ 1-1023, 2049, 6000, 6010 ];
}
then {
count high-ports;
accept;
}
---
has worked in 6.2, 6.3, 7.1 and 7.2 untilR2.4 but fails in 7.3R2.9 with
the following error during "request system software add":
---
Validating against /config/juniper.conf.gz
/config/juniper.conf:2715:(53) range: '1-1023,': Must be a numerical port
number or a range in the form '
---
Could be a regression of an old bug present in JunOS 6.4R1.6 (PR 49793),
which was supposedly fixed in September 2004. So beware when upgrading.
-- Niels.
--
More information about the juniper-nsp
mailing list