On Tue, 21 Mar 2023 at 10:29, Laurent CARON via juniper-nsp <[email protected]> wrote:
> set firewall family inet filter filter-management term accept-ospf from protocol ospf
> set firewall family inet filter filter-management term accept-ospf then count filter-management-accept-ospf
> set firewall family inet filter filter-management term accept-ospf then log
> set firewall family inet filter filter-management term accept-ospf then syslog
> set firewall family inet filter filter-management term accept-ospf then accept
> set firewall family inet filter filter-management term accept-ospf-igmp from destination-prefix-list ospf-routers
> set firewall family inet filter filter-management term accept-ospf-igmp from protocol igmp
> set firewall family inet filter filter-management term accept-ospf-igmp then count filter-management-accept-ospf-igmp
> set firewall family inet filter filter-management term accept-ospf-igmp then accept
>
> If my filter stops here (implicit discard), ospf sessions previously established eventually fail.
>
> If the last term is a default accept, OSPF is working fine.

https://www.juniper.net/documentation/us/en/software/junos/interfaces-adaptive-services/topics/ref/statement/destination-prefix-list-edit-services-stateful-firewall.html
https://www.juniper.net/documentation/us/en/software/junos/interfaces-adaptive-services/topics/ref/statement/source-prefix-list-edit-services-stateful-firewall.html

Is the prefix list "ospf-routers" intended to match against source and/or destination IPv4/v6 addresses in the particular RE_FILTER rule?

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

