Pavel Lunin <plu...@gmail.com> writes:

> It's not maintaining scripts which is a bit of pain. It's on-box automation
> which is a hell of a lot of pain and there is very little reason to use it
> nowadays. At least at any larger scale than a SOHO gateway for ten users,
> doing something useless.

That is all the more reason why JunOS should have a way to make an apply-group out of all local IP addresses without having to resort to full-blown scripting.

Ideally JunOS should offer another way of distinguishing between forward traffic and locally-terminated/originated traffic in ACLs, without having to rely on getting lists of IP addresses correct. The box knows whether it is terminating the traffic or not. Just let me filter based on that...

(I know, it is not that easy to implement in practice.)

/Benny
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp