We use some same kinds of things here, that is subpolicies expressions (or subpolicies chains at other places):
policy-statement Blah { term MyTerm { from { policy ( ! (( ! A ) && B && ( C || D ))); } then next policy; } policy-statement A { term match { from community com-A; then accept; } term default { then reject; } } policy-statement B { term match { from community com-B; then accept; } term default { then reject; } } policy-statement C { term match { from community com-C; then accept; } term default { then reject; } } policy-statement D { term match { from community com-D; then accept; } term default { then reject; } } community com-A members 123:1; community com-B members 123:2; community com-C members 123:3; community com-D members 123:4; > Le 6 avr. 2017 à 17:59, serge vautour <sergervaut...@gmail.com> a écrit : > > IMHO whether you add a community to a policy term match statement or add a > community to a community members list, you still have to add the community > somewhere. I don't see how you get from 2x10 to 100.... Maybe I don't > understand the ask. > > The only way I know how to get the AND logic to work in a single policy > term is to call another policy. This isn't tested but something like this: > > [edit policy-options] > + policy-statement communityb { > + term term1 { > + from community b; > + then accept; > + } > + } > + policy-statement xy { > + term term1 { > + from { > + community a; > + policy communityb; > + } > + then accept; > + } > + } > [edit policy-options] > + community a members 123:1; > + community b members 123:2; > > > I hope this helps. > Serge > > > On Thu, Apr 6, 2017 at 12:10 PM, "Rolf Hanßen" <n...@rhanssen.de> wrote: > >> Hello Serge, >> >> this works, but that is exactly the config I would like to avoid. >> In case of 2 communities this adds a third one, but in case of 2x 10 >> communities that can be combined this adds 100 additional communities. >> >> kind regards >> Rolf >> >>> Hello, >>> >>> Have you tried this? >>> >>> set policy-options community MATCH2 members [ 123:1 123:2 ] >>> >>> I believe this will result in a logical AND. >>> >>> Serge >>> >> >> >> > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp