Hey Michael,

> I'm wondering if anyone on list has tried this or gotten decent caveat
> information on this feature. I intend to lab it but haven't gotten around to
> it yet.
>
> http://www.juniper.net/documentation/en_US/junos14.2/topics/concept/firewall-filter-flexible-match-conditions-overview.html
>
> Some things I wanted to explore;
> * Matching ethernet dst addr bit 8 to count/police ethernet multicast
> * Poor man's DNS reflection firewall (counting/policing DNS ANY attempts, aka
>   fkfkfkfz.guru lookups)

I've used it to discriminate between RTCP and RTP, by checking if UDP port is odd or even. To facilitate mirroring of RTCP packets without mirroring RTP packets (not allowed by legislation). Had no issues with it, and generally I'd be very comfortable running it, it's not special in any way to the HW, rather all the other rules are just syntactic sugar.

-- 
  ++ytti
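
Added example, not part of either message and not Junos configuration: the Python below models the offset-and-mask tests discussed in this thread (Ethernet multicast bit, odd/even UDP destination port, DNS ANY) against constructed frames. All function names are hypothetical; it assumes complete, untagged Ethernet II frames carrying IPv4/UDP, as a filter term's protocol match would already have established.

```python
import struct

def flex_match(pkt, start, byte_offset, mask, value):
    """Masked compare of len(mask) bytes at start + byte_offset."""
    field = pkt[start + byte_offset:start + byte_offset + len(mask)]
    if len(field) < len(mask):  # truncated packet never matches
        return False
    return all((f & m) == (v & m) for f, m, v in zip(field, mask, value))

def l4_start(frame):
    """Layer-4 offset for untagged Ethernet II + IPv4 (IHL accounts for IP options)."""
    return 14 + (frame[14] & 0x0F) * 4

def is_l2_multicast(frame):
    # I/G bit: lowest-order bit of the first destination MAC octet (also set for broadcast)
    return flex_match(frame, 0, 0, b"\x01", b"\x01")

def is_odd_udp_dport(frame):
    # Low bit of the destination port; by convention RTP is even, RTCP the next odd port
    return flex_match(frame, l4_start(frame), 2, b"\x00\x01", b"\x00\x01")

def dns_qtype_offset(frame):
    """QTYPE offset from the layer-4 start: 8 (UDP) + 12 (DNS header) + QNAME length."""
    l4 = l4_start(frame)
    pos = l4 + 20
    while pos < len(frame) and 0 < frame[pos] < 64:  # walk length-prefixed labels
        pos += 1 + frame[pos]
    if pos >= len(frame) or frame[pos] != 0:
        return None  # truncated or compressed name
    return pos + 1 - l4

def is_dns_any(frame):
    l4 = l4_start(frame)
    if not flex_match(frame, l4, 2, b"\xff\xff", b"\x00\x35"):  # dst port 53
        return False
    off = dns_qtype_offset(frame)  # varies with the queried name, so no single fixed offset
    return off is not None and flex_match(frame, l4, off, b"\xff\xff", b"\x00\xff")

def sample_frame(dst_mac, dport, payload=b""):
    """Constructed sample: untagged Ethernet II / IPv4 without options / UDP."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return dst_mac + bytes(6) + b"\x08\x00" + ip + udp

def dns_query(name, qtype):
    """Constructed DNS query with one question (class IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
```

The QTYPE offset moves with the length of the queried name (33 bytes past the UDP header start for `example.com`, 35 for `a.example.com`), so a single fixed-offset match only covers names of one length.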