Is there any reliable non-kludge way of making the juniper not send out
time-exceeded responses, or doing it from a consistently incorrect address?
# show firewall filter route-engine-out
term no-expire-out {
from {
icmp-type time-exceeded;
}
then discard;
}
term allow-rest {
then accept;
}
[edit]
Applying this as an outbound filter on lo0 seems to have no effect.
I could put a filter on all interfaces, but this seems to be too much work
to maintain...
--Phil
ISPrime
time-exceeded responses, or doing it from a consistently incorrect address?
# show firewall filter route-engine-out
term no-expire-out {
from {
icmp-type time-exceeded;
}
then discard;
}
term allow-rest {
then accept;
}
[edit]
Applying this as an outbound filter on lo0 seems to have no effect.
I could put a filter on all interfaces, but this seems to be too much work
to maintain...
--Phil
ISPrime