[j-nsp] JUNOS : prefix-list
Jonathan Looney
jonlooney at gmail.com
Thu Feb 7 07:10:18 EST 2008
Regarding the default behavior in firewall filters, there is no way
you can have an 'exact' match, since all source addresses are /32s by
definition. Therefore, the behavior of matching all addresses within
the prefix is the only reasonable behavior.
And, you can actually apply different match types to prefix lists in
routing policy now. Use the 'prefix-list-filter' configuration
statement.
For example:
[edit policy-options policy-statement example term example]
lab at HongKong# set from prefix-list-filter internal-routes ?
Possible completions:
exact Exactly match the prefix length
longer Mask is greater than the prefix length
orlonger Mask is greater than or equal to the prefix length
-Jon
On Feb 7, 2008 6:13 AM, Samuel <samuel.gay at c-s.fr> wrote:
> Hi group,
>
> In the Juniper documentation I can read:
> "A prefix list within a routing policy always assumes a route-filter
> match type of exact. Therefore, only routes explicitly listed in the
> prefix list will match."
>
> When I apply a prefix-list in a firewall-filter the way is not the same.
> A prefix-list within a firewall filter assumes a route-filter type of
> longer.
>
> Why this difference between a routing policy and a firewall filter?
>
> Regards,
> Samuel
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list