That's odd, I can see that the RPC is doing the desired results, but not via load-configuration...
An example using just NETCONF works fine.
I'll have to take a look at this some more when I have the chance to, as it's the weekend and I'll be travelling for work next week.
> show configuration firewall filter myPCAP
term 1 {
from {
source-address {
192.168.0.210/32;
}
destination-address {
192.168.0.150/32;
}
}
then {
sample;
accept;
}
}
term 2 {
from {
source-address {
192.168.0.150/32;
}
destination-address {
192.168.0.210/32;
}
}
then {
sample;
accept;
}
}
term allow-all-else {
then accept;
}
> exit
$ ssh user@192.168.0.210 -s netconf
Password:
<!-- No zombies were killed during the creation of this user interface -->
<!-- user space, class j-super-user -->
<hello>
<capabilities>
<capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>
<capability>http://xml.juniper.net/netconf/junos/1.0</capability>
<capability>http://xml.juniper.net/dmi/system/1.0</capability>
</capabilities>
<session-id>71189</session-id>
</hello>
]]>]]>
<rpc><lock><target><candidate/></target></lock></rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X46/junos">
<ok/>
</rpc-reply>
]]>]]>
<rpc><edit-config><target><candidate/></target><default-operation>merge</default-operation><error-option>stop-on-error</error-option><config-text><configuration-text>firewall { filter myPCAP { term 1 { from { replace: source-address 10.1.1.1/32; } } } }</configuration-text></config-text></edit-config></rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X46/junos">
<ok/>
</rpc-reply>
]]>]]>
<rpc><commit-configuration><log>Test rename forum</log></commit-configuration></rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X46/junos">
<ok/>
</rpc-reply>
]]>]]>
<rpc><unlock><target><candidate/></target></unlock></rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X46/junos">
<ok/>
</rpc-reply>
]]>]]>
<rpc><close-session/></rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/12.1X46/junos">
<ok/>
</rpc-reply>
]]>]]>
<!-- session end at 2016-07-08 18:53:51 UTC -->
Check the configuration:
$ ssh user@192.168.0.210
Password:
--- JUNOS 12.1X46-D40.2 built 2015-09-26 02:25:28 UTC
space@mySRX> show configuration firewall filter myPCAP
term 1 {
from {
source-address {
10.1.1.1/32;
}
destination-address {
192.168.0.150/32;
}
}
then {
sample;
accept;
}
}
term 2 {
from {
source-address {
192.168.0.150/32;
}
destination-address {
192.168.0.210/32;
}
}
then {
sample;
accept;
}
}
term allow-all-else {
then accept;
}
Hopefully someone else will have a moment to examine this, I'm obviously missing something here, but failing that I'll try and take a look as soon as I can.
Regards,
Andy