This is now PR 1160955. Thanks, Phil
Phil Shafer writes: >Yes, it's a bug. Please have your account team open a PR or let >me know and I'll open it. From a quick look, the firewall data >model has the right reference, but it's not working, likely broken >somewhere in my (ui) code. > >Thanks, > Phil > > > >Chuck Anderson writes: >>An interesting CLI bug: >> >>"show configuration | display inheritance" doesn't find prefix lists >>that are referenced via configuration groups that are applied inside a >>logical-system, but the configuration commits and works correctly: >> >>MX_RE0# show groups DROP-RESERVED-SOURCES >>logical-systems { >> <*> { >> firewall { >> family inet { >> filter <*> { >> term DROP-RESERVED-SOURCES { >> from { >> source-prefix-list { >> RESERVED-ADDRESSES; >> } >> } >> then { >> count DROP-RESERVED-SOURCES; >> discard; >> } >> } >> } >> } >> } >> } >>} >> >>MX_RE0# show logical-systems LSYS1 policy-options prefix-list >>RESERVED-ADDRESSES >>10.0.0.0/8; >>172.16.0.0/12; >>192.168.0.0/16; >> >>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN >>apply-groups DROP-RESERVED-SOURCES; >> >>MX_RE0# show logical-systems LSYS1 firewall family inet filter CUST-IN | >>display inheri >t >>ance >>## >>## 'DROP-RESERVED-SOURCES' was inherited from group 'DROP-RESERVED-SOURCES' >>## >>term DROP-RESERVED-SOURCES { >> ## >> ## 'from' was inherited from group 'DROP-RESERVED-SOURCES' >> ## >> from { >> source-prefix-list { >> ## >> ## 'RESERVED-ADDRESSES' was inherited from group >> 'DROP-RESERVED-SOURCES' >> ## >> RESERVED-ADDRESSES; ## 'RESERVED-ADDRESSES' is not defined >> } >> } >> ## >> ## 'then' was inherited from group 'DROP-RESERVED-SOURCES' >> ## >> then { >> ## >> ## 'DROP-RESERVED-SOURCES' was inherited from group >> 'DROP-RESERVED-SOURCES' >> ## >> count DROP-RESERVED-SOURCES; >> ## >> ## 'discard' was inherited from group 'DROP-RESERVED-SOURCES' >> ## >> discard; >> } >>} >> >>Notice the comment "## 'RESERVED-ADDRESSES' is not defined". It is >>defined... >>_______________________________________________ >>juniper-nsp mailing list juniper-nsp@puck.nether.net >>https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp