Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

Hi James An op script could definitely do this, but I haven't seen a basic template for this use case. Depending on *exactly* what you want it to do, it might be a better job for Python, and maybe some netconf. Here's something that might help get you started.

Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

Hi! Jordan End user's MX has a firewall filter named metro-access has many terms in it, just like below: lab@mx#show firewall family inet filter metro-access term inside-test { from { source-address { 124.42.96.208/29; }

Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

On 17/12/15 14:27, Chen Jiang wrote: term in the firewall filter, I haven't find any method to insert the new term before the original last "accept all" term and it will make traffic never hit the generated new term. Can't you just add the policy then reorder it using the standard syntax

Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

Sorry, small mistake in the configthis is what happens when you write it by hand in an email! set groups ADD_DEFAULT_FW firewall family inet filter metro-access term default-all then accept set apply-groups ADD_DEFAULT_FW set groups ADD_DEFAULT_FW firewall family inet filter <*> term

Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

You can delete the term default-all from metro-access filter and then use groups to add the term at the end like this: set groups ADD_DEFAULT_FW firewall family inet filter metro-access default-all all then accept set apply-groups ADD_DEFAULT_FW This will add your default term to the end of the

Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

You could always have your op script delete the default-all term, add your new network term, then re-add the default-all term. On 17 December 2015 at 14:27, Chen Jiang wrote: > Hi! Jordan > > End user's MX has a firewall filter named metro-access has many terms in > it, just

Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

Hi ! Here an example on doing such thing with BGP policies. I know it is a little bit different but it shows a way to do such inserting using slax https://www.juniper.net/documentation/en_US/junos12.3/topics/example/junos-s cript-automation-commit-script-prepending-global-policy.html regards

Re: [j-nsp] per flow rate-limiting on Juniper equipment

up 2015-12-02 6:44 GMT-02:00 Martin T : > Hi, > > which Juniper products support per flow rate-limiting? I mean similar > functionality to for example iptables "recent" > module(http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.16). > For

Re: [j-nsp] Could JUNOS OP Script support generate firewall filter term and added before original one?

Chen Jiang writes: >I have a requirement from end user that want to automate firewall filter >configuration procedure, that means they want to use OP script to generate >a customized firewall filter term and added it before the last "deny all" >term. Steve Hulshof suggestion re: using config