[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?
Jay Ford
jnford at uiowa.net
Wed Jul 11 15:14:40 EDT 2018
You might want "payload-protocol" for IPv6, except where you really want
"next-header". This is a case where there's not a definite single functional
mapping from IPv4 to IPv6.
________________________________________________________________________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-ford at uiowa.edu, phone: 319-335-5555
On Wed, 11 Jul 2018, Olivier Benghozi wrote:
> One thing to think about, in IPv6:
> On MX, one can use "match protocol" (with Trio / MPC cards).
> But it's not supported on lo0 filters, where you were / probably still are restricted to "match next-header", in order to have a filter working as expected.
>
>> Le 11 juil. 2018 à 20:17, Drew Weaver <drew.weaver at thenap.com> a écrit :
>>
>> Is there a list of best practices or 'things to think about' when constructing a firewall filter for a loopback on an MX series router running version 15 of Junos?
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list