Yes, it's a bug. Please have your account team open a PR or let me know and I'll open it. From a quick look, the firewall data model has the right reference, but it's not working, likely broken somewhere in my (ui) code.
Thanks, Phil Chuck Anderson writes: >An interesting CLI bug: > >"show configuration | display inheritance" doesn't find prefix lists >that are referenced via configuration groups that are applied inside a >logical-system, but the configuration commits and works correctly: > >MX_RE0# show groups DROP-RESERVED-SOURCES >logical-systems { > <*> { > firewall { > family inet { > filter <*> { > term DROP-RESERVED-SOURCES { > from { > source-prefix-list { > RESERVED-ADDRESSES; > } > } > then { > count DROP-RESERVED-SOURCES; > discard; > } > } > } > } > } > } >} > >MX_RE0# show logical-systems LSYS1 policy-options prefix-list >RESERVED-ADDRESSES >10.0.0.0/8; >172.16.0.0/12; >192.168.0.0/16; > >MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN >apply-groups DROP-RESERVED-SOURCES; > >MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN | >display inherit >ance >## >## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES' >## >term DROP-RESERVED-SOURCES { > ## > ## 'from' was inherited from group 'DROP-RESERVED-SOURCES' > ## > from { > source-prefix-list { > ## > ## 'RESERVED-ADDRESSES' was inherited from group > 'DROP-RESERVED-SOURCES' > ## > RESERVED-ADDRESSES; ## 'RESERVED-ADDRESSES' is not defined > } > } > ## > ## 'then' was inherited from group 'DROP-RESERVED-SOURCES' > ## > then { > ## > ## 'DROP-RESERVED-SOURCES' was inherited from group > 'DROP-RESERVED-SOURCES' > ## > count DROP-RESERVED-SOURCES; > ## > ## 'discard' was inherited from group 'DROP-RESERVED-SOURCES' > ## > discard; > } >} > >Notice the comment "## 'RESERVED-ADDRESSES' is not defined". It is >defined... >_______________________________________________ >juniper-nsp mailing list juniper-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp