Thanks Alain.
This work-around obviously works but unfortunately in my case it is not
possible to use it as no human will/should be involved!
Cheers,
Otto
[EMAIL PROTECTED] wrote:
Hi Otto
I have made some tests with your simple login config and I can find a simple
workaround.
I think that's not what you were looking for but it works.
Just be in the right place:
"edit firewall family inet filter access_in"
Copy the complete filter in a notepad
Insert the new term where you want
Delete the complete filter:
"Delete"
Place the router in a loading mode:
"load merge terminal relative"
Paste the new filter
Then commit
That's done
Hope this helps
Regards
Alain
Here are some traces:
[EMAIL PROTECTED]> show configuration system login
class test {
    permissions configure;
    allow-configuration "firewall family inet filter access_in";
}
user test {
    uid 2009;
    class test;
    authentication {
        encrypted-password "$1$A85U2lXA$yv9xBZSmwvN6E3XxiMkXm1"; ## SECRET-DATA
    }
}
[EMAIL PROTECTED] edit firewall family inet filter access_in
[edit firewall family inet filter access_in]
[EMAIL PROTECTED] show
term 1 {
    from {
        source-address {
            192.168.63.63/32;
        }
    }
    then count In;
}
[edit firewall family inet filter access_in]
[EMAIL PROTECTED] delete
Delete everything under this level? [yes,no] (no) yes
[edit firewall family inet filter access_in]
[EMAIL PROTECTED] load merge terminal relative
[Type ^D at a new line to end input]
term 2 {
    from {
        source-address {
            192.168.63.64/32;
        }
    }
    then count InBis;
}
term 1 {
    from {
        source-address {
            192.168.63.63/32;
        }
    }
    then count In;
}
load complete
[edit firewall family inet filter access_in]
[EMAIL PROTECTED] show
term 2 {
    from {
        source-address {
            192.168.63.64/32;
        }
    }
    then count InBis;
}
term 1 {
    from {
        source-address {
            192.168.63.63/32;
        }
    }
    then count In;
}
[edit firewall family inet filter access_in]
[EMAIL PROTECTED] commit
commit complete
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Otto Kreiter
Sent: Thursday, 14 August 2008 13:49
To: [email protected]
Subject: [j-nsp] allow-configuration/permission + insert
Hi,
I'm trying to create a user with limited rights to access a single firewall
filter in the firewall configuration. I have (partially) managed to find the
most convenient way of doing it by committing the following configuration:
class test {
    permissions configure;
    allow-configuration "firewall family inet filter access_in";
}
user test {
    uid 2002;
    class test;
    authentication {
        encrypted-password "xxx";
    }
}
This nicely allows test user to configure the access_in filter and to
*create* new terms. However here comes the problem. When a new term is created
this is placed automatically at the end of the filter (fair enough - is there
any way to specify its place?). But then when the user tries to insert it in
the right place:
[EMAIL PROTECTED] insert term Test-1 before ?
No valid completions
Yes there are many other terms, even created by the same user in the same
session. I've tried countless allow-configurations and permission configuration
options and variations but I'm missing something and can't get to the bottom of
the problem.
I would be grateful if somebody can point me in the right direction!
Thank you and regards,
Otto
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Otto Kreiter
Service Introduction Manager
DANTE Ltd.
Phone: +44 (0)1223 371300