Table 68: Firewall Filter Match Conditions by Protocol Family (continued)
Hierarchy Level at Which Match Conditions Are SpecifiedTraffic Type
[edit firewall family bridge filter filter-name term term-name]
[edit firewall family ethernet-switching filter filter-name term term-name] (for EX Series switches
only)
For the complete list of match conditions, see Firewall Filter Match Conditions for Layer 2 Bridging
Traffic.
Layer 2 Bridging
(MX Series routers and
EX Series switches only)
If you specify an IPv6 address in a match condition (the address, destination-address, or
source-address match conditions), use the syntax for text representations described in
RFC 4291, IP Version 6 Addressing Architecture. For more information about IPv6 addresses,
see “IPv6 Overview” on page 530 and Supported IPv6 Standards.
Firewall Filter Actions
Under the then statement for a firewall filter term, you can specify the actions to be taken
on a packet that matches the term.
Table 69 on page 1048 summarizes the types of actions you can specify in a firewall filter
term.
Table 69: Firewall Filter Action Categories
CommentDescriptionType of Action
See Firewall Filter Terminating Actions.Halts all evaluation of a firewall filter for a specific packet.
The router (or switch) performs the specified action, and
no additional terms are used to examine the packet.
You can specify only one terminating action in a firewall
filter term. You can, however, specify one terminating
action with one or more nonterminating actions in a single
term. For example, within a term, you can specify accept
with count and syslog. Regardless of the number of terms
that contain terminating actions, once the system
processes a terminating action within a term, processing
of the entire firewall filter halts.
Terminating
All nonterminating actions include an implicit
accept action. This accept action is carried out
if no other terminating action is configured in
the same term.
See Firewall Filter Nonterminating Actions.
Performs other functions on a packet (such as
incrementing a counter, logging information about the
packet header, sampling the packet data, or sending
information to a remote host using the system log
functionality), but any additional terms are used to
examine the packet.
Nonterminating
Copyright © 2017, Juniper Networks, Inc.1048
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
