This is a heads-up to anyone planning to upgrade to 12.3R5.7, especially if you don't have easy access to the serial console, but only a firewall term such as:
term allow-oob-management { from { interface fxp0.0; } then accept; } ...in your lo0.0 input filter (which presumably then goes on to drop all unmatched traffic): It simply doesn't work. I've confirmed on both MX80 and MX240, several times. After a reboot, the term just gets skipped, it seems. Deactivating the term, committing, and then reactivating it fixes the problem but that might of course be easier said than done if locked out of the box. Terms doing source-address matches seems to work fine. Tore _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp