[j-nsp] no router alert
Bit Gossip
bit.gossip at chello.nl
Mon Dec 21 03:16:47 EST 2009
Dear experts,
I am struggling to formulate a term to drop all packets with any
ip-option set apart from router-alert.
The following term does NOT work because drops not only packets with
ip-options other than router-alert, but also packet with NO
ip-option !!!! Which of course is devastating !!!!!
Any idea how to implement it?
Thanks,
bit.
inactive: term NO-RT-ALERT {
from {
ip-options-except router-alert;
}
then {
count NO-RT-ALERT;
log;
discard;
}
}
More information about the juniper-nsp
mailing list