On Sun, 2009-03-08 at 20:47 -0400, Jeff S Wheeler wrote:
> On Sun, 2009-03-08 at 19:10 -0500, Richard A Steenbergen wrote:
> > This is on a MX960. I had actually tried matching ttl [ 0 1 ] in

I'm still not clear on what this is supposed to be doing, vs what you mentioned it is actually doing on your box, but the MX-series that can match on TTL appears to be doing the same thing as the M7i, which can't.
A more detailed explanation from the Juniper folks would be helpful.

# show filter index 6 program
Program Filters:
---------------
   Index     Dir     Cnt    Text     Bss  Name
--------  ------  ------  ------  ------  --------
       6      52       0      16       0  foo

Firewall program version 50 magic fed2beef
Name: "foo"
Protocol: ip
Implicit Filter: No
Hash: 68c5232c31a1da633f8772ffacefc306
Action directory: 1 entry (52 bytes)
Text: 4 instruction words (16 bytes)

Action directory: 1 entry (52 bytes)
   0: accept -> 2:
Program instructions: 4 words
   0: set flags2 match flags2 & 0x10 != 0x10 -> 3: terminate -> action index 0
   3: terminate -> discard

# show filter index 5 program
Program Filters:
---------------
   Index     Dir     Cnt    Text     Bss  Name
--------  ------  ------  ------  ------  --------
       5      52       0      12       0  bar

Firewall program version 50 magic fed2beef
Name: "bar"
Protocol: ip
Implicit Filter: No
Hash: 07c24f58442ed2e93e9b7cd2c0304056
Action directory: 1 entry (52 bytes)
Text: 3 instruction words (12 bytes)

Action directory: 1 entry (52 bytes)
   0: accept -> 1:
Program instructions: 3 words
   0: match ttl > 1 -> 2: terminate -> action index 0
   2: terminate -> discard

--
Jeff S Wheeler <j...@inconcepts.biz> +1-212-981-0607
Sr Network Operator / Innovative Network Concepts

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp