Yeah, or even assign the protocol-active interfaces to an interface group, which can then be associated with a firewall filter applied to the loopback interface.
On Sat, Jan 29, 2011 at 6:49 AM, Jensen Tyler <[email protected]> wrote:

> You could filter by configured interface and IP Space you own (or use in
> your core). Not what you are looking for but easy to do.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of David Ball
> Sent: Friday, January 28, 2011 11:37 AM
> To: Juniper-Nsp
> Subject: [j-nsp] Dynamic generation of interface IPs of OSPF neighbo(u)rs ?
>
> Brain stuck in Friday mode. I've created a prefix-list using apply-path
> which looks at 'protocols bgp group <*> neighbor <*>' to get a list of my
> BGP neighbour IPs. Works fine. Now I'm trying to think of a way to do the
> same with OSPF neighbor IPs (and perhaps even LDP, RSVP, etc). Not quite as
> easy since they're not all listed together in 1 spot anywhere, so I'm trying
> to figure out how or if it's possible to dynamically generate such a list.
> What I'm trying to create is a firewall filter for lo0 which only allows
> appropriate traffic to the RE, such that if one of our operators adds a new
> OSPF interface, they won't have to remember to update the firewall filter.
> As stated above, the stanza to allow BGP was easy, but I can't think of a
> way for the other protocols. Trying to avoid manually maintaining a
> prefix-list which contains all of said IPs. Is commit scripts my only path
> to glory ?
>
> David
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
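The pieces discussed in this thread, combined into one lo0 filter as an added example that was not posted by anyone in the thread. The names `protect-re`, `bgp-neighbors`, `local-subnets`, group number `10` and interface `ge-0/0/0` are placeholders, and the example assumes the platform honours an `interface-group` match in a filter applied to lo0, as the reply suggests.

```junos
# Added example, not from the thread. All names and numbers are placeholders.

# BGP neighbour addresses, expanded from the configuration at commit time
# (the apply-path the original poster already uses).
set policy-options prefix-list bgp-neighbors apply-path "protocols bgp group <*> neighbor <*>"

# "IP space you own": every IPv4 prefix configured on a local interface.
# A newly numbered OSPF interface is picked up automatically, because an
# OSPF neighbour's source address sits in the connected subnet.
set policy-options prefix-list local-subnets apply-path "interfaces <*> unit <*> family inet address <*>"

# Tag each OSPF-enabled interface with an interface group. The operator
# adds this one line when enabling OSPF on a new interface; the filter
# itself is never edited.
set interfaces ge-0/0/0 unit 0 family inet filter group 10

# BGP only from configured neighbours.
set firewall family inet filter protect-re term bgp from source-prefix-list bgp-neighbors
set firewall family inet filter protect-re term bgp from protocol tcp
set firewall family inet filter protect-re term bgp from port bgp
set firewall family inet filter protect-re term bgp then accept

# OSPF only when it arrives on a tagged interface AND is sourced from a
# connected subnet. Conditions inside one term are ANDed; drop either
# match to use only one of the two approaches.
set firewall family inet filter protect-re term ospf from interface-group 10
set firewall family inet filter protect-re term ospf from source-prefix-list local-subnets
set firewall family inet filter protect-re term ospf from protocol ospf
set firewall family inet filter protect-re term ospf then accept

# Terms for management access, ICMP, LDP, RSVP and so on are omitted here
# and must be added before the filter is applied: a filter ends with an
# implicit discard, so anything not explicitly accepted never reaches the RE.
set interfaces lo0 unit 0 family inet filter input protect-re
```

Loading this with `commit confirmed` lets the change roll back on its own if the filter cuts off the management session.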

