[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

Jason Healy jhealy at logn.net
Thu Jul 12 16:04:04 EDT 2018


On Jul 12, 2018, at 10:09 AM, Benny Amorsen <benny+usenet at amorsen.dk> wrote:
> 
> Saku Ytti <saku at ytti.fi> writes:
> 
>> I think the best compromise would be that JNPR would offer a good filter,
>> dynamically built based on data available in config and referring to
>> empty prefix-lists when not possible to infer and customer can fill
>> those prefix-lists if needed. And also have functional ddos-protection
>> configuration out-of-the-box. People who want and can could override
>> and configure themselves.
> 
> That would be really wonderful. A great start would be if there was a
> way to get just the /32 (or /128) interface IP addresses in
> apply-groups.

I started working on a commit script that would harvest all the local interface addresses and dump them in a prefix list so you could do just this.  Never got around to finishing it, but it's on my ever-growing todo list.

Jason
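
The idea discussed in this thread, as an added example (not the commit script mentioned above, and not Juniper code): an off-box Python script that reads `show configuration | display set` output and emits prefix-lists holding only the /32 and /128 host addresses of the configured interfaces. The prefix-list names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Matches Junos "display set" lines that assign an address to a logical interface.
ADDR_RE = re.compile(
    r"^set interfaces (?P<ifd>\S+) unit (?P<unit>\d+) "
    r"family (?P<family>inet6?) address (?P<addr>\S+)"
)

# Constructed sample input using documentation prefixes, not from a real router.
SAMPLE_CONFIG = """\
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set interfaces ge-0/0/0 unit 0 family inet address 198.51.100.1/30
set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8:0:1::1/64
set interfaces ge-0/0/1 unit 10 family inet address 203.0.113.9/24 primary
set interfaces ge-0/0/1 unit 10 description "not an address line"
set interfaces fxp0 unit 0 family inet address 198.51.100.1/30
"""


def host_prefixes(config_text):
    """Return (sorted IPv4 host networks, sorted IPv6 host networks)."""
    v4, v6 = set(), set()
    for line in config_text.splitlines():
        m = ADDR_RE.match(line.strip())
        if not m:
            continue
        try:
            iface = ipaddress.ip_interface(m.group("addr"))
        except ValueError:
            continue  # skip malformed addresses rather than emit a bad prefix
        # Keep the host address itself and force a full-length mask (/32 or /128).
        host = ipaddress.ip_network(f"{iface.ip}/{iface.ip.max_prefixlen}")
        (v4 if host.version == 4 else v6).add(host)  # sets drop duplicates
    return sorted(v4), sorted(v6)


def render_prefix_lists(config_text, v4_name="local-v4-hosts", v6_name="local-v6-hosts"):
    """Render "set" commands for two prefix-lists (list names are hypothetical)."""
    v4, v6 = host_prefixes(config_text)
    out = [f"set policy-options prefix-list {v4_name} {str(n)}" for n in v4]
    out += [f"set policy-options prefix-list {v6_name} {str(n)}" for n in v6]
    return out


if __name__ == "__main__":
    print("\n".join(render_prefix_lists(SAMPLE_CONFIG)))
```

The generated prefix-lists can then be referenced from the lo0 filter's `source-prefix-list` or `destination-prefix-list` match conditions.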

