Hi James
An op script could definitely do this, but I haven't seen a basic template for
this use case. Depending on *exactly* what you want it to do, it might be a
better job for Python, and maybe some netconf.
Here's something that might help get you started.
Hi! Jordan
End user's MX has a firewall filter named metro-access that has many terms in
it, just like below:
lab@mx#show firewall family inet filter metro-access
term inside-test {
from {
source-address {
124.42.96.208/29;
}
On 17/12/15 14:27, Chen Jiang wrote:
term in the firewall filter, I haven't found any method to insert the new
term before the original last "accept all" term and it will make traffic
never hit the generated new term.
Can't you just add the policy then reorder it using the standard syntax
Sorry, small mistake in the config... this is what happens when you write
it by hand in an email!
set groups ADD_DEFAULT_FW firewall family inet filter metro-access term
default-all then accept
set apply-groups ADD_DEFAULT_FW
set groups ADD_DEFAULT_FW firewall family inet filter <*> term
You can delete the term default-all from metro-access filter and then use
groups to add the term at the end like this:
set groups ADD_DEFAULT_FW firewall family inet filter metro-access
default-all all then accept
set apply-groups ADD_DEFAULT_FW
This will add your default term to the end of the
You could always have your op script delete the default-all term, add
your new network term, then re-add the default-all term.
On 17 December 2015 at 14:27, Chen Jiang wrote:
> Hi! Jordan
>
> End user's MX has a firewall filter named metro-access that has many terms in
> it, just
Hi !
Here is an example of doing such a thing with BGP policies.
I know it is a little bit different, but it shows a way to do such inserting
using SLAX.
https://www.juniper.net/documentation/en_US/junos12.3/topics/example/junos-script-automation-commit-script-prepending-global-policy.html
regards
up
2015-12-02 6:44 GMT-02:00 Martin T :
> Hi,
>
> which Juniper products support per flow rate-limiting? I mean similar
> functionality to for example iptables "recent"
> module(http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.16).
> For
Chen Jiang writes:
>I have a requirement from an end user who wants to automate the firewall filter
>configuration procedure, that means they want to use an OP script to generate
>a customized firewall filter term and add it before the last "deny all"
>term.
Steve Hulshof suggestion re: using config