[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

Olivier Benghozi olivier.benghozi at wifirst.fr
Wed Jul 11 15:52:20 EDT 2018


Yes, I was really talking about "payload-protocol", not "protocol" :)
And this is the point, it didn't work on lo0 whereas it works on "physical" interfaces.

> On 11 Jul 2018, at 21:14, Jay Ford <jnford at uiowa.net> wrote:
> 
> You might want "payload-protocol" for IPv6, except where you really want "next-header".  This is a case where there's not a definite single functional mapping from IPv4 to IPv6.
> 
> ________________________________________________________________________
> Jay Ford, Network Engineering Group, Information Technology Services
> University of Iowa, Iowa City, IA 52242
> email: jay-ford at uiowa.edu, phone: 319-335-5555
> 
> On Wed, 11 Jul 2018, Olivier Benghozi wrote:
>> One thing to think about, in IPv6:
>> On MX, one can use "match protocol" (with Trio / MPC cards).
>> But it's not supported on lo0 filters, where you were / probably still are restricted to "match next-header", in order to have a filter working as expected.
>> 
>>> On 11 Jul 2018, at 20:17, Drew Weaver <drew.weaver at thenap.com> wrote:
>>> 
>>> Is there a list of best practices or 'things to think about' when constructing a firewall filter for a loopback on an MX series router running version 15 of Junos?
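
The next-header / payload-protocol distinction discussed in this thread, as an added example that is not part of the original messages: a Python sketch of what each match condition looks at in an IPv6 packet. It assumes that "next-header" refers to the Next Header field of the fixed IPv6 header and "payload-protocol" to the first protocol after the extension header chain; the function names and the sample packets are constructed for illustration.

```python
import struct

# Extension headers with the generic layout (Next Header, Hdr Ext Len in 8-octet units).
EXT_GENERIC = {0, 43, 60}   # hop-by-hop, routing, destination options
FRAGMENT = 44               # fixed 8 octets; AH/ESP are not walked in this sketch

def classify(packet: bytes):
    """Return (next_header, payload_protocol) for a raw IPv6 packet.

    next_header is the Next Header field of the fixed 40-octet header;
    payload_protocol is the first protocol after the extension header
    chain, or None when no upper-layer header can be located.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    first = packet[6]
    proto, offset = first, 40
    while proto in EXT_GENERIC or proto == FRAGMENT:
        if offset + 8 > len(packet):
            return first, None          # chain runs past the end of the packet
        if proto == FRAGMENT:
            length = 8
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return first, None      # non-first fragment: no upper-layer header
        else:
            length = (packet[offset + 1] + 1) * 8
        proto, offset = packet[offset], offset + length
    return first, proto

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet between documentation addresses (2001:db8::/32)."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

def ext(next_header: int) -> bytes:
    """Minimal 8-octet options header: Hdr Ext Len 0, padded with one PadN option."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])

# Constructed 20-octet TCP header, destination port 179 (BGP), SYN set.
TCP = struct.pack("!HHIIBBHHH", 49152, 179, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

SAMPLES = {
    "plain tcp": ipv6(6, TCP),
    "hop-by-hop + tcp": ipv6(0, ext(6) + TCP),
    "dest-opts + tcp": ipv6(60, ext(6) + TCP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        nh, pp = classify(pkt)
        print(f"{name:18} next-header={nh:<3} payload-protocol={pp}")
```

For the last two samples the first Next Header value is 0 or 60 while the payload protocol is still 6 (TCP), which is why the two match conditions are not interchangeable when reviewing lo0 filter terms.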


