Brain stuck in Friday mode. I've created a prefix-list using apply-path which looks at 'protocols bgp group <*> neighbor <*>' to get a list of my BGP neighbour IPs. Works fine. Now I'm trying to think of a way to do the same with OSPF neighbor IPs (and perhaps even LDP, RSVP, etc). Not quite as easy since they're not all listed together in 1 spot anywhere, so I'm trying to figure out how or if it's possible to dynamically generate such a list. What I'm trying to create is a firewall filter for lo0 which only allows appropriate traffic to the RE, such that if one of our operators adds a new OSPF interface, they won't have to remember to update the firewall filter. As stated above, the stanza to allow BGP was easy, but I can't think of a way for the other protocols. Trying to avoid manually maintaining a prefix-list which contains all of said IPs. Is commit scripts my only path to glory ?
David _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp