[j-nsp] IPv6 firewall question
Harry Reynolds
harry at juniper.net
Mon Jul 2 16:23:08 EDT 2012
Adding, this knob appears to have come in sometime around 11.4, is poorly documented, and has at least some hardware dependency.
I believe supported on MX, trio, 11.4 and above.
Regards
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Harry Reynolds
Sent: Monday, July 02, 2012 11:49 AM
To: Alex D.; Juniper-Nsp
Subject: Re: [j-nsp] IPv6 firewall question
Try hop-limit
set firewall family inet6 filter test term 1 from hop-limit
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Alex D.
Sent: Monday, July 02, 2012 11:47 AM
To: Juniper-Nsp
Subject: [j-nsp] IPv6 firewall question
Hi guys,
i have a running IPv4 firewall filter for limiting tcp-traceroute. All works as desired:
term accept-traceroute-tcp {
from {
destination-prefix-list {
router-v4-addr;
}
protocol tcp;
ttl 1;
}
then {
policer management-1m;
count accept-traceroute-tcp;
accept;
}
}
Now i want to build the same filter for IPv6, but the statement "ttl" is not suported within family inet6 Does anybody knows the equivalent for IPv6.
Thanks in advance...
Regards,
Alex
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list