[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?
Chris Morrow
morrowc at ops-netman.net
Wed Jul 11 15:25:34 EDT 2018
On Wed, 11 Jul 2018 15:14:40 -0400,
Jay Ford <jnford at uiowa.net> wrote:
>
> You might want "payload-protocol" for IPv6, except where you really
> want "next-header". This is a case where there's not a definite
> single functional mapping from IPv4 to IPv6.
unclear why that's important here though? you MAY (and probably do)
have different security requirements between the 2 families, right? so
you're making a policy in ipv4 and you're making one in ipv6.
just use next-header...
(and for a bootstrap the cymru guides really are pretty straightforward)
More information about the juniper-nsp
mailing list