HI Tore, Thanks for the heads up - I had earmarked this version for a project so I'll test around this first.
Cheers, Graham On 21 January 2014 14:35, Tore Anderson <t...@fud.no> wrote: > This is a heads-up to anyone planning to upgrade to 12.3R5.7, especially > if you don't have easy access to the serial console, but only a firewall > term such as: > > term allow-oob-management { > from { > interface fxp0.0; > } > then accept; > } > > ...in your lo0.0 input filter (which presumably then goes on to drop all > unmatched traffic): It simply doesn't work. > > I've confirmed on both MX80 and MX240, several times. After a reboot, > the term just gets skipped, it seems. Deactivating the term, committing, > and then reactivating it fixes the problem but that might of course be > easier said than done if locked out of the box. > > Terms doing source-address matches seems to work fine. > > Tore > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Graham Brown Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer> LinkedIn <http://www.linkedin.com/in/grahamcbrown> _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp