Chen Jiang writes:
>I have a requirement from end user that want to automate firewall filter
>configuration procedure, that means they want to use OP script to generate
>a customized firewall filter term and added it before the last "deny all"
>term.

Steve Hulshof's suggestion re: using config groups is a great one, since
it removes the possibility of error.  The group plumbing will ensure
the ordering of terms so your "default-all" term ends up last.

But you can use the normal <configuration> payload to control ordering:

    http://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/junos-xml-protocol-configuration-data-elements-reordering.html

For your case, this would be something like:

    var $conf = <firewall> {
        <family> {
            <inet> {
                <filter> {
                    <name> "new-term";
                    <term insert="before" name="default-all"> {
                        <name> "new-term";
                        ....
                    }
                }
            }
        }
    }

Hmm..... you can also insert="first" and insert="last" (with no
identifiers), but that doesn't seem to have made it into the docs.
Sorry about that.  Now PR 1148401.

Thanks,
 Phil
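
Added example, not part of Phil's message or of any Juniper code: a Python sketch that builds the same insert="before" payload and checks, before anything is loaded, that the catch-all term would still end up last. The filter name "protect-re", the prefix, the existing term list and the simplified ordering model are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def build_payload(filter_name, new_term, prefix, before=None):
    """Return a <configuration> element adding new_term to filter_name.

    With before set, the term carries insert="before" name=<before>, as in
    the message above; with before=None it is a plain merge.
    """
    conf = ET.Element("configuration")
    node = conf
    for tag in ("firewall", "family", "inet", "filter"):
        node = ET.SubElement(node, tag)
    ET.SubElement(node, "name").text = filter_name
    attrs = {"insert": "before", "name": before} if before else {}
    term = ET.SubElement(node, "term", attrs)
    ET.SubElement(term, "name").text = new_term
    src = ET.SubElement(ET.SubElement(term, "from"), "source-address")
    ET.SubElement(src, "name").text = prefix
    ET.SubElement(ET.SubElement(term, "then"), "accept")
    return conf

def resulting_order(existing, payload):
    """Simplified model of the term order once the payload is merged."""
    terms = list(existing)
    for term in payload.iter("term"):
        name = term.findtext("name")                      # term being placed
        mode, ref = term.get("insert"), term.get("name")  # reference term
        if mode is None:
            if name not in terms:
                terms.append(name)  # a new term with no insert lands at the end
            continue
        if name in terms:
            terms.remove(name)
        if ref not in terms:
            raise ValueError(f"reference term {ref!r} not in filter")
        terms.insert(terms.index(ref) + (mode == "after"), name)
    return terms

def deny_is_last(terms, deny_term="default-all"):
    """True when the catch-all term is still the final term."""
    return bool(terms) and terms[-1] == deny_term

EXISTING = ["allow-ssh", "default-all"]  # constructed sample filter

if __name__ == "__main__":
    conf = build_payload("protect-re", "new-term", "192.0.2.0/24", "default-all")
    print(ET.tostring(conf, encoding="unicode"))
    print(resulting_order(EXISTING, conf))
```

Without the insert attribute the model appends the new term after "default-all", which is the ordering error the original question wants to avoid.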