[j-nsp] Config ordering of security address-book and address-set members
Ge Moua
moua0100 at umn.edu
Fri Mar 7 07:16:43 EST 2014
quick & dirty 3-step to achieve said results:
1) save srx to set-style:
show configuration | display set | no-more
2) save output to plain-text for parsing
3) cat <srx_config> | egrep -i 'address-book' | egrep -i 'address-set' |
awk '{print $8}' | sort
caveat:
* one could put a shell / script wrapper around this for more elegant
automation
* traditional srx junos style config with stanza would require multiple
line parsing
* set-style config is easier to pars due to flat parameter
I like to hear of how others do this natively inside srx_shell too; thx !!
Regards,
Ge Moua
moua0100 at umn.edu
University of Minnesota Alumnus
--
On 3/7/14, 4:08 AM, Per Westerlund wrote:
> I don't KNOW why, but I realize that some want their entries sorted on address, others on name; therefore it is in insertion order with the possibility to reorder by ”insert …..” (or reorder externally, den delete and reapply content).
>
> /Per
>
> 7 mar 2014 kl. 11:02 skrev Phil Mayers <p.mayers at imperial.ac.uk>:
>
>> Does anyone know why JunOS on SRX doesn't apply alphabetical ordering for address-book members and address-set members? It seems rather pointless to have them ordered by insert order, since they don't have precedence - that all happens inside the policies.
>>
>> (We care because we have similar configs on multiple firewalls and a "check/compare" diff; so I had to write a Junoscript job to reorder them via a commit in order for the diff not to slowly grow)
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list