[j-nsp] Using routing policy in firewall filters

David Ball davidtball at gmail.com
Fri Jul 11 12:30:21 EDT 2008


  Hey folks.  They say the definition of insanity is repeating the
same thing over and over and expecting different results, and again I
found myself trying to use routing policy in a firewall filter,
unsuccessfully.
  We have 4 upstream ISPs, 2 on 1 router and 2 on another.  Until now
we've had to maintain large prefix-lists including all customer blocks
on both routers such that they can be applied to firewall filters to
perform anti-spoofing.  I'm trying to find a way to simplify this,
such that if my provisioning guys add a new customer who has their own
block, the anti-spoofing rules filtering inbound internet traffic will
allow it.
  What are other folks doing?  Prefix-list maintenance is the only way?
I get the feeling this question has been asked before, but I
couldn't find it.

David

