Hugo Slabbert writes:
>I generally create an explicit 'reject-all' policy and stick that at the
>end of policy lists, rather than nesting the reject within an existing
>policy.  It's a bit clearer.

You can also do this with a config group, since they are added (to lists)
after the foreground config:

Something like:

    groups default-reject policy-options policy-statement <*> then reject;
    protocols apply-groups default-reject;

Thanks,
 Phil
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
