[j-nsp] Config ordering of security address-book and address-set members

Ge Moua moua0100 at umn.edu
Fri Mar 7 07:19:05 EST 2014 

or maybe use 'sort -u' to only see unique matches; 'sort' by itself 
would contain hit count per unique entry though . . . . but you get the 
idea :-)

Regards,
Ge Moua
moua0100 at umn.edu
University of Minnesota Alumnus
--
  

On 3/7/14, 6:16 AM, Ge Moua wrote:
> quick & dirty 3-step to achieve said results:
> 1) save srx to set-style:
> show configuration | display set | no-more
>
> 2) save output to plain-text for parsing
>
> 3) cat <srx_config> | egrep -i 'address-book' | egrep -i 'address-set' 
> | awk '{print $8}' | sort
>
> caveat:
> * one could put a shell / script wrapper around this for more elegant 
> automation
> * traditional srx junos style config with stanza would require 
> multiple line parsing
> * set-style config is easier to pars due to flat parameter
>
> I like to hear of how others do this natively inside srx_shell too; 
> thx !!
>
> Regards,
> Ge Moua
> moua0100 at umn.edu
> University of Minnesota Alumnus
> -- 
>
>
> On 3/7/14, 4:08 AM, Per Westerlund wrote:
>> I don't KNOW why, but I realize that some want their entries sorted 
>> on address, others on name; therefore it is in insertion order with 
>> the possibility to reorder by ”insert …..” (or reorder externally, 
>> den delete and reapply content).
>>
>> /Per
>>
>> 7 mar 2014 kl. 11:02 skrev Phil Mayers <p.mayers at imperial.ac.uk>:
>>
>>> Does anyone know why JunOS on SRX doesn't apply alphabetical 
>>> ordering for address-book members and address-set members? It seems 
>>> rather pointless to have them ordered by insert order, since they 
>>> don't have precedence - that all happens inside the policies.
>>>
>>> (We care because we have similar configs on multiple firewalls and a 
>>> "check/compare" diff; so I had to write a Junoscript job to reorder 
>>> them via a commit in order for the diff not to slowly grow)
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list