Executing "load <file>" in configuration mode does not load the configuration correctly.
The following commands are necessary to correct it:
set firewall ipv4 input filter rule 10 state established
set firewall ipv6 forward filter rule 10 state established
set firewall ipv6 input filter rule 10 state established
set policy route-map KERNEL-IN-238 rule 10 set community add "65500:400"
delete policy route-map KERNEL-IN-238 rule 10 set community replace
set policy route-map KERNEL-IN-238 rule 20 set large-community add "65500:65500:400"
delete policy route-map KERNEL-IN-238 rule 20 set large-community replace
delete policy route-map KERNEL-IN-238 rule 30 set large-community replace
set service conntrack-sync accept-protocol "udp"
delete system conntrack
Here is a small configuration I created to demonstrate the problem:
interfaces {
ethernet eth0 {
}
loopback lo {
}
}
firewall {
ipv4 {
input {
filter {
default-action drop
rule 10 {
action accept
description 'Allow established connections'
state established
}
}
}
}
ipv6 {
forward {
filter {
default-action drop
rule 10 {
action accept
description 'Allow established connections'
state established
}
}
}
input {
filter {
default-action drop
rule 10 {
action accept
description 'Allow established connections'
state established
}
}
}
}
}
policy {
route-map KERNEL-IN-238 {
rule 10 {
action permit
set {
community {
add '65500:400'
}
}
}
rule 20 {
action permit
set {
large-community {
add '65500:65500:400'
}
}
}
rule 30 {
action permit
set {
large-community {
}
}
}
}
}
service {
conntrack-sync {
accept-protocol tcp
accept-protocol udp
}
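}
Applied onto a default boot configuration, it results in the following compare being printed. Note that rule 10 in each firewall filter keeps its accept action but loses the `state established` match, so as loaded it no longer appears to be restricted to established connections.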
+ conntrack-sync {
+ accept-protocol "tcp"
+ }
+ conntrack {
+ modules {
+ ftp
+ h323
+ nfs
+ pptp
+ sip
+ sqlnet
+ tftp
+ }
+ }
+ firewall {
+ ipv4 {
+ input {
+ filter {
+ default-action "drop"
+ rule 10 {
+ action "accept"
+ description "Allow established connections"
+ }
+ }
+ }
+ }
+ ipv6 {
+ forward {
+ filter {
+ default-action "drop"
+ rule 10 {
+ action "accept"
+ description "Allow established connections"
+ }
+ }
+ }
+ input {
+ filter {
+ default-action "drop"
+ rule 10 {
+ action "accept"
+ description "Allow established connections"
+ }
+ }
+ }
+ }
+ }
+ policy {
+ route-map KERNEL-IN-238 {
+ rule 10 {
+ action "permit"
+ set {
+ community {
+ replace ""
+ }
+ }
+ }
+ rule 20 {
+ action "permit"
+ set {
+ large-community {
+ replace ""
+ }
+ }
+ }
+ rule 30 {
+ action "permit"
+ set {
+ large-community {
+ replace ""
+ }
+ }
+ }
+ }
+ }