[j-nsp] no router alert
Truman Boyes
truman at suspicious.org
Tue Dec 22 20:12:55 EST 2009
This is expected behaviour. All other IP packets will also have an ip-options field and they are matching so they are then discarded. Maybe you need some more terms to accomplish what you want. I suspect you might want to explicitly discard specific ip-options.
Truman
On 21/12/2009, at 7:16 PM, Bit Gossip wrote:
> Dear experts,
> I am struggling to formulate a term to drop all packets with any
> ip-option set apart from router-alert.
> The following term does NOT work because it drops not only packets with
> ip-options other than router-alert, but also packets with NO
> ip-option !!!! Which of course is devastating !!!!!
> Any idea how to implement it?
> Thanks,
> bit.
>
>
> inactive: term NO-RT-ALERT {
>     from {
>         ip-options-except router-alert;
>     }
>     then {
>         count NO-RT-ALERT;
>         log;
>         discard;
>     }
> }
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
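The policy asked for in the thread (discard packets carrying any IP option other than router-alert, leave packets with no options alone), modelled at the packet level as an added example that is not part of either message and is not Junos configuration. `ipv4_option_types`, `verdict`, `build_header` and the sample option bytes are constructed for illustration, and dropping headers with a malformed option list is an assumption.

```python
import struct

ROUTER_ALERT = 148   # IPv4 option type 0x94 (RFC 2113)
EOL, NOP = 0, 1      # single-byte padding options, not counted as options

def ipv4_option_types(header):
    """Return the option types present in an IPv4 header, padding excluded."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad header length")
    opts, i, kinds = header[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        # Every other option is type, length, data; length covers all three.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        kinds.append(kind)
        i += opts[i + 1]
    return kinds

def verdict(header):
    """'accept' for no options or router-alert only, otherwise 'discard'."""
    try:
        kinds = ipv4_option_types(header)
    except ValueError:
        return "discard"                  # assumption: malformed headers are dropped
    return "accept" if set(kinds) <= {ROUTER_ALERT} else "discard"

def build_header(options=b""):
    """Constructed sample header (checksum left at 0, documentation addresses)."""
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    return struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                       20 + len(options), 0, 0, 1, 2, 0,
                       bytes([192, 0, 2, 1]), bytes([224, 0, 0, 1])) + options

RTR_ALERT = b"\x94\x04\x00\x00"                   # router-alert, value 0
RECORD_ROUTE = b"\x07\x07\x04\x00\x00\x00\x00"    # record-route, one empty slot

if __name__ == "__main__":
    for name, opts in [("no options", b""), ("router-alert", RTR_ALERT),
                       ("record-route", RECORD_ROUTE),
                       ("router-alert + record-route", RTR_ALERT + RECORD_ROUTE)]:
        print(f"{name:30} {verdict(build_header(opts))}")
```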