[j-nsp] How to maintain scripts

Benny Lyne Amorsen benny+usenet at amorsen.dk
Mon Jul 16 09:31:27 EDT 2018


Pavel Lunin <plunin at gmail.com> writes:

> It's not maintaining scripts which is a bit of pain. It's on-box automaton
> which is hell a lot of pain and there is very little reason to use it
> nowadays. At least at any larger scale than a SOHO gateway for ten users,
> doing something useless.

That is all the more reason why JunOS should have a way to make an
apply-group out of all local IP addresses without having to resort to
full-blown scripting.

Ideally JunOS should offer another way of distinguishing between forward
traffic and locally-terminated/originated traffic in ACL's, without
having to rely on getting lists of IP addresses correct. The box knows
whether it is terminating the traffic or not. Just let me filter based
on that... (I know, it is not that easy to implement in practice.)


/Benny



More information about the juniper-nsp mailing list