Regarding the default behavior in firewall filters, there is no way you can have an 'exact' match, since all source addresses are /32s by definition. Therefore, the behavior of matching all addresses within the prefix is the only reasonable behavior.
And, you can actually apply different match types to prefix lists in routing policy now. Use the 'prefix-list-filter' configuration statement. For example: [edit policy-options policy-statement example term example] [EMAIL PROTECTED] set from prefix-list-filter internal-routes ? Possible completions: exact Exactly match the prefix length longer Mask is greater than the prefix length orlonger Mask is greater than or equal to the prefix length -Jon On Feb 7, 2008 6:13 AM, Samuel <[EMAIL PROTECTED]> wrote: > Hi group, > > In the Juniper documentation I can read: > "A prefix list within a routing policy always assumes a route-filter > match type of exact. Therefore, only routes explicitly listed in the > prefix list will match." > > When I apply a prefix-list in a firewall-filter the way is not the same. > A prefix-list within a firewall filter assumes a route-filter type of > longer. > > Why this difference between a routing policy and a firewall filter? > > Regards, > Samuel > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp