Hi! Phil Yes, this is exactly what I needed and it works as you described, Thanks for the great help!
BR! James On Fri, Dec 18, 2015 at 2:17 PM, Phil Shafer <p...@juniper.net> wrote: > Chen Jiang writes: > >I have a requirement from end user that want to automate firewall filter > >configuration procedure, that means they want to use OP script to generate > >a customized firewall filter term and added it before the last "deny all" > >term. > > Steve Hulshof suggestion re: using config groups is a great one, > since it removes the possibility of error. The group plumbing will > ensure the ordering of terms so your "default-all" term ends up last. > > But you can use the normal <configuration> payload to control ordering: > > > http://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/junos-xml-protocol-configuration-data-elements-reordering.html > > For your case, this would be something like: > > var $conf = <firewall> { > <family> { > <inet> { > <filter> { > <name> "new-term"; > <term insert="before" name="default-all"> { > <name> "new-term"; > .... > } } } } } > > Hmm..... you can also insert="first" and insert="last" (with no > identifiers), but that doesn't seem to have made it into the docs. > Sorry about that. Now PR 1148401. > > Thanks, > Phil > -- BR! James Chen _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp