[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

Chris Morrow morrowc at ops-netman.net
Wed Jul 11 15:25:34 EDT 2018


On Wed, 11 Jul 2018 15:14:40 -0400,
Jay Ford <jnford at uiowa.net> wrote:
> 
> You might want "payload-protocol" for IPv6, except where you really
> want "next-header".  This is a case where there's not a definite
> single functional mapping from IPv4 to IPv6.

unclear why that's important here though? you MAY (and probably do)
have different security requirements between the 2 families, right? so
you're making a policy in ipv4 and you're making one in ipv6.

just use next-header...

(and for a bootstrap the cymru guides really are pretty straightforward)


More information about the juniper-nsp mailing list