This is a heads-up to anyone planning to upgrade to 12.3R5.7, especially
if you don't have easy access to the serial console, but only a firewall
term such as:
term allow-oob-management {
from {
interface fxp0.0;
}
then accept;
}
...in your lo0.0 input filter (which presumably then goes on to drop all
unmatched traffic): It simply doesn't work.
I've confirmed on both MX80 and MX240, several times. After a reboot,
the term just gets skipped, it seems. Deactivating the term, committing,
and then reactivating it fixes the problem but that might of course be
easier said than done if locked out of the box.
Terms doing source-address matches seems to work fine.
Tore
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
