On Jul 12, 2018, at 10:09 AM, Benny Amorsen <benny+use...@amorsen.dk> wrote: > > Saku Ytti <s...@ytti.fi> writes: > >> I think best compromise would be, that JNPR would offer good filter, >> dynamically built based on data available in config and referring to >> empty prefix-lists when not possible to infer and customer can fill >> those prefix-lists if needed. And also have functional ddos-protection >> configuration out-of-the-box. People who want and can could override >> and configure themselves. > > That would be really wonderful. A great start would be if there was a > way to get just the /32 (or /128) interface IP addresses in > apply-groups.
I started working on a commit script that would harvest all the local interface addresses and dump them in a prefix list so you could do just this. Never got around to finishing it, but it's on my ever-growing todo list. Jason _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp