On 01/14/2014 09:19 AM, Chris Adams wrote: > Once upon a time, Olivier Benghozi <olivier.bengh...@wifirst.fr> said: >> Because if you don't do it, you'll obtain some nice "Server Timeout" if you >> want to issue a "show ntp status" or "show ntp associations". >> So: >> - Junos doesn't use 127.0.0.1 to locally communicate with ntpd >> - In you filters you're obliged to manually authorize internal private IP >> traffic used by the CLI and that doesn't even leave the RE >> >> Another fine design... > > Seems like a good case for a commit script to auto-build the filter > rule from configured NTP servers and configured loopback addresses.
set policy-options prefix-list local-interfaces apply-path \ "interfaces <*> unit <*> family inet address <*>" set policy-options prefix-list local-v6-interfaces apply-path \ "interfaces <*> unit <*> family inet6 address <*:*>" _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp