You should be able to do negative match on interface-group:
1/ mark all other interfaces with interface-group:
set interfaces xe-0/0/0.0 family inet filter group 100
2/ match on interface-group-except in lo0.0 FW filter
set firewall family inet filter RE-PROTECT term 1 from
This is a heads-up to anyone planning to upgrade to 12.3R5.7, especially
if you don't have easy access to the serial console, but only a firewall
term such as:
term allow-oob-management {
from {
interface fxp0.0;
}
then accept;
}
...in your lo0.0 input filter (which
HI Tore,
Thanks for the heads up - I had earmarked this version for a project so
I'll test around this first.
Cheers,
Graham
On 21 January 2014 14:35, Tore Anderson t...@fud.no wrote:
This is a heads-up to anyone planning to upgrade to 12.3R5.7, especially
if you don't have easy access to
3 matches
Mail list logo
