Since I run a default-deny policy for my equipment, there are zones that have no egress policies set. However, I have discovered that if I set a policy for "from zone blah to zone blah2" and then delete it, Junos won't let me have no policy.
root# commit
[edit security policies]
'from-zone DROPUB to-zone untrust'
Missing mandatory statement: 'policy'
error: commit failed: (missing mandatory statements)
and if I look:
root# edit security policies from-zone DROPUB to-zone untrust
{primary:node0}[edit security policies from-zone DROPUB to-zone untrust]
root# show
## Warning: missing mandatory statement(s): 'policy'
{primary:node0}[edit security policies from-zone DROPUB to-zone untrust]
yet clearly I have lots of other policy zones that have no policies and the system previously committed just fine. Is this a bug or what? What's my best option then? Create some obscure stand-alone policy? Gah, more retard logic from Juniper....