NOTE: For bridge family filters, the ip-protocol match criteria is supported
only for IPv4 and not for IPv6. This applies to line cards that support
the Junos Trio chipset, such as the MX 3D MPC line cards.

Firewall Filter Names and Options

Under the family family-name statement, you can include filter filter-name statements
to create and name firewall filters. The filter name can contain letters, numbers, and
hyphens (-) and be up to 64 characters long. To include spaces in the name, enclose the
entire name in quotation marks (“ ”).
At the [edit firewall family family-name filter filter-name] hierarchy level, the following
statements are optional:
• accounting-profile
• instance-shared (MX Series routers with Modular Port Concentrators (MPCs) only)
• interface-specific
• physical-interface-filter

Firewall Filter Terms

Under the filter filter-name statement, you can include term term-name statements to
create and name filter terms.
• You must configure at least one term in a firewall filter.
• You must specify a unique name for each term within a firewall filter. The term name
can contain letters, numbers, and hyphens (-) and can be up to 64 characters long.
To include spaces in the name, enclose the entire name in quotation marks (“ ”).
• The order in which you specify terms within a firewall filter configuration is important.
Firewall filter terms are evaluated in the order in which they are configured. By default,
new terms are always added to the end of the existing filter. You can use the insert
configuration mode command to reorder the terms of a firewall filter.
At the [edit firewall family family-name filter filter-name term term-name] hierarchy level,
the filter filter-name statement is not valid in the same term as from or then statements.
When included at this hierarchy level, the filter filter-name statement is used to nest
firewall filters.
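
The following configuration is an added example, not taken from the Juniper guide, showing why term order matters and what a nesting term looks like. It assumes the usual Junos behaviour that a packet is handled by the first term it matches when that term has a terminating action; the filter names, term names, and the 192.0.2.0/24 prefix are constructed for illustration.

```junos
/* Constructed example: filter names, term names and prefixes are illustrative. */
firewall {
    family inet {
        filter common-drops {
            term no-telnet {
                from {
                    protocol tcp;
                    destination-port telnet;
                }
                then discard;
            }
        }
        filter mgmt-in {
            /* This term was created after deny-ssh-all, so it was appended to
               the end of the filter and never matched. It was moved here with:
               insert firewall family inet filter mgmt-in term allow-admin-ssh before term deny-ssh-all */
            term allow-admin-ssh {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            term deny-ssh-all {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then discard;
            }
            /* Nesting term: holds only the filter statement, no from or then. */
            term shared-drops {
                filter common-drops;
            }
            term everything-else {
                then accept;
            }
        }
    }
}
```

When reviewing a filter, read the terms top to bottom as the device does: a broad discard or accept placed above a narrower term hides that narrower term.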

Firewall Filter Match Conditions

Firewall filter match conditions are specific to the type of traffic being filtered.
With the exception of MPLS-tagged IPv4 or IPv6 traffic, you specify the term’s match
conditions under the from statement. For MPLS-tagged IPv4 traffic, you specify the term’s
IPv4 address-specific match conditions under the ip-version ipv4 statement and the
term’s IPv4 port-specific match conditions under the protocol (tcp | udp) statement.

Copyright © 2017, Juniper Networks, Inc.
ACX Series Universal Access Router Configuration Guide