                        match-conditions;
                        protocol (tcp | udp) {
                            match conditions;
                        }
                    }
                }
                then {
                    actions;
                }
            }
        }
    }
}
You can include the firewall configuration at one of the following hierarchy levels:
• [edit]
• [edit logical-systems logical-system-name]
NOTE: For stateless firewall filtering, you must allow the output tunnel traffic
through the firewall filter applied to input traffic on the interface that is the
next-hop interface toward the tunnel destination. The firewall filter affects
only the packets exiting the router (or switch) by way of the tunnel.
Firewall Filter Protocol Families
A firewall filter configuration is specific to a particular protocol family. Under the firewall
statement, include one of the following statements to specify the protocol family for
which you want to filter traffic:
• family any—To filter protocol-independent traffic.
• family inet—To filter Internet Protocol version 4 (IPv4) traffic.
• family inet6—To filter Internet Protocol version 6 (IPv6) traffic.
• family mpls—To filter MPLS traffic.
• family vpls—To filter virtual private LAN service (VPLS) traffic.
• family ccc—To filter Layer 2 circuit cross-connection (CCC) traffic.
• family bridge—To filter Layer 2 bridging traffic for MX Series 3D Universal Edge Routers only.
• family ethernet-switching—To filter Layer 2 (Ethernet) traffic.
The family family-name statement is required only to specify a protocol family other than
IPv4. To configure an IPv4 firewall filter, you can configure the filter at the [edit firewall]
hierarchy level without including the family inet statement, because the [edit firewall]
and [edit firewall family inet] hierarchy levels are equivalent.
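The following constructed configuration illustrates the family rule above. It is an added example, not taken from the Juniper guide; the filter, term, and counter names and the documentation prefixes 192.0.2.0/24 and 2001:db8::/32 are assumptions. The IPv4 filter sits directly under firewall, while the IPv6 filter has to be placed under family inet6.

```junos
/* Constructed example: all names and prefixes below are placeholders. */
firewall {
    /* IPv4 filter: no family statement is needed, because [edit firewall]
       is equivalent to [edit firewall family inet]. */
    filter protect-v4 {
        term allow-ssh {
            from {
                source-address {
                    192.0.2.0/24;
                }
                protocol tcp;
                destination-port ssh;
            }
            then accept;
        }
        /* Explicit final term so dropped packets are counted. */
        term default-deny {
            then {
                count dropped-v4;
                discard;
            }
        }
    }
    /* IPv6 filter: a family other than IPv4 must be named explicitly. */
    family inet6 {
        filter protect-v6 {
            term allow-ssh {
                from {
                    source-address {
                        2001:db8::/32;
                    }
                    next-header tcp;
                    destination-port ssh;
                }
                then accept;
            }
            term default-deny {
                then {
                    count dropped-v6;
                    discard;
                }
            }
        }
    }
}
```

Moving protect-v4 under family inet would define the same filter. protect-v6 cannot be written at the [edit firewall] level, where it would be treated as an IPv4 filter.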
Copyright © 2017, Juniper Networks, Inc.
Chapter 32: Configuring Firewall Filters