Hello everyone!
I am trying to write an event script which changes a term in a firewall filter if a route disappears.
I am receiving these messages:
<load-configuration-results>
  <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm">
    <token xmlns="">name</token>
    <message xmlns="">syntax error</message>
  </xnm:error>
  <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm">
    <token xmlns="">name</token>
    <message xmlns="">syntax error</message>
  </xnm:error>
  <load-error-count>2</load-error-count>
</load-configuration-results>
Aug 28 10:33:10 end dump
As far as I understand, the name of the filter itself or of a term leads to such an error.
1. What are the possibilities to solve that problem?
The idea for conditions is that if the result of show route | match x.x.x.x is empty, the term discards packets.
However, the condition doesn't work.
The script is below.
1) How to deal with 2 errors?
2) What are possible ways to make the condition work?
version 1.0;
ns Junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match / {
    <event-script-results> {
        /*
         * Open connection with mgd
         */
        var $con = jcs:open();
        if (not($con)) {
            call emit-error($message = "Not able to connect to local mgd");
        }
        var $command = <command> "show route | match 0.0.0.0";
        var $results = jcs:invoke( $command );
        <output> $results;
        if (jcs:empty($results)) {
            /* apply policy */
            var $disable = <configuration> {
                <firewall> {
                    <family> {
                        <name> "inet";
                        <filter> {
                            <name> "CoPP";
                            <term> {
                                <name> "remote_access";
                                <then> {
                                    <discard>;
                                }
                            }
                        }
                    }
                }
            }
            <output> "default route is absoned";
            call jcs:load-configuration($connection = $con, $configuration = $disable);
        }
        else {
            /* undo the policy */
            var $acceptance = <configuration> {
                <firewall> {
                    <family> {
                        <name> "inet";
                        <filter> {
                            <name> "CoPP";
                            <term> {
                                <name> "remote_access";
                                <then> {
                                    <accept>;
                                }
                            }
                        }
                    }
                }
            }
            <output> "default exists";
            call jcs:load-configuration($connection = $con, $configuration = $acceptance);
        }
        /*
         * apply policy
         */
        /*
         * Close the mgd connection
         */
        expr jcs:close($con);
    }
}
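
One way to get the behaviour described in the post, as an added example that is not part of the original post or Juniper's own code: the address family is written as its own <inet> element rather than <name> "inet", and the route check uses the get-route-information RPC instead of a piped CLI command. It assumes the route of interest is the default route 0.0.0.0/0 and keeps the post's filter and term names; the syslog text is made up for the example.

```slax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match / {
    <event-script-results> {
        var $con = jcs:open();
        if (not($con)) {
            <xnm:error> {
                <message> "Not able to connect to local mgd";
            }
        }
        else {
            /* Structured RPC: CLI pipes such as "| match" are not part of an RPC */
            var $rpc = <get-route-information> {
                <destination> "0.0.0.0/0";   /* assumption: default route */
                <exact>;
            }
            var $routes = jcs:execute($con, $rpc);
            /* Test for route entries; a reply element can exist with no match */
            var $present = boolean($routes//*[local-name() = "rt"]);
            var $change = <configuration> {
                <firewall> {
                    <family> {
                        /* the family is its own element, not <name> "inet" */
                        <inet> {
                            <filter> {
                                <name> "CoPP";
                                <term> {
                                    <name> "remote_access";
                                    <then> {
                                        if ($present) { <accept>; }
                                        else { <discard>; }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            /* constructed log text, so the change is traceable in syslog */
            expr jcs:syslog("external.notice", "CoPP remote_access: default route present = ", $present);
            /* template default load action; errors are emitted into the results */
            call jcs:load-configuration($connection = $con, $configuration = $change);
            expr jcs:close($con);
        }
    }
}
```

If the RPC itself returns an error, no rt element is found and the term is set to discard, so check the reply for xnm:error first if that is not the failure mode you want.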