[j-nsp] Using routing policy in firewall filters
David Ball
davidtball at gmail.com
Fri Jul 11 12:30:21 EDT 2008
Hey folks. They say the definition of insanity is repeating the
same thing over and over and expecting different results, and again I
found myself trying to use routing policy in a firewall filter,
unsuccessfully.
We have 4 upstream ISPs, 2 on 1 router and 2 on another. Until now
we've had to maintain large prefix-lists including all customer blocks
on both routers such that they can be applied to firewall filters to
perform anti-spoofing. I'm trying to find a way to simplify this,
such that if my provisioning guys add a new customer who has their own
block, the anti-spoofing rules filtering inbound internet traffic will
allow it.
What are other folks doing? Prefix-list maintenance is the only way?
I get the feeling this question has been asked before, but I
couldn't find it.
David