[j-nsp] fxp0.0 interface match in firewall filter doesn't work in JUNOS 12.3R5.7
Graham Brown
juniper-nsp at grahambrown.info
Tue Jan 21 01:13:52 EST 2014
Hi Tore,
Thanks for the heads up - I had earmarked this version for a project so
I'll test around this first.
Cheers,
Graham
On 21 January 2014 14:35, Tore Anderson <tore at fud.no> wrote:
> This is a heads-up to anyone planning to upgrade to 12.3R5.7, especially
> if you don't have easy access to the serial console, but only a firewall
> term such as:
>
> term allow-oob-management {
>     from {
>         interface fxp0.0;
>     }
>     then accept;
> }
>
> ...in your lo0.0 input filter (which presumably then goes on to drop all
> unmatched traffic): It simply doesn't work.
>
> I've confirmed on both MX80 and MX240, several times. After a reboot,
> the term just gets skipped, it seems. Deactivating the term, committing,
> and then reactivating it fixes the problem but that might of course be
> easier said than done if locked out of the box.
>
> Terms doing source-address matches seem to work fine.
>
> Tore
--
Graham Brown
Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
LinkedIn <http://www.linkedin.com/in/grahamcbrown>
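
An added example, not part of the thread: a pre-upgrade check that parses Junos curly-brace configuration and reports, per filter, which accept terms depend on an fxp0 interface match and whether a source-address accept term exists as a fallback (the kind of term reported above as still working). The function names, the filter names `re-a` and `re-b`, the terms `allow-mgmt-prefix` and `drop-rest`, and the 192.0.2.0/24 prefix are assumptions made for illustration.

```python
import re

# Constructed sample (not from the thread); 192.0.2.0/24 is a stand-in management prefix.
SAMPLE = """
firewall { family inet {
    filter re-a { term allow-oob-management { from { interface fxp0.0; } then accept; }
                  term drop-rest { then discard; } }
    filter re-b { term allow-oob-management { from { interface fxp0.0; } then accept; }
                  term allow-mgmt-prefix { from { source-address { 192.0.2.0/24; } } then accept; }
                  term drop-rest { then { discard; } } }
} }
"""

def parse(tokens):
    """Build nested (words, children) nodes; a leaf statement has children=None."""
    nodes, words = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok in (";", "{"):
            nodes.append((words, parse(tokens) if tok == "{" else None))
            words = []
        else:
            words.append(tok)
    return nodes

def walk(nodes):
    """Yield every (words, children) node in the tree, depth first."""
    for words, children in nodes:
        yield words, children
        yield from walk(children or [])

def audit(config_text):
    """Map filter name -> (accept terms matching on fxp0, source-address fallback present)."""
    report = {}
    for words, children in walk(parse(re.findall(r"[{};]|[^\s{};]+", config_text))):
        if len(words) != 2 or words[0] != "filter":
            continue
        fxp0_terms, fallback = [], False
        for twords, tbody in children or []:
            stmts = [w for w, _ in walk(tbody or [])]
            if twords[:1] != ["term"] or not any(s[-1:] == ["accept"] for s in stmts):
                continue
            if any(s[0] == "interface" and s[1].startswith("fxp0") for s in stmts if len(s) > 1):
                fxp0_terms.append(twords[1])
            elif any(s[:1] == ["source-address"] for s in stmts):
                fallback = True
        report[words[1]] = (fxp0_terms, fallback)
    return report
```

A filter reported with fxp0 terms and no fallback is one where management access rests entirely on the interface match described in the thread.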