Table 69: Firewall Filter Action Categories (continued)
CommentDescriptionType of Action
You cannot configure the next term action with
a terminating action in the same filter term.
However, you can configure the next term action
with another nonterminating action in the same
filter term.
A maximum of 1024 next term actions are
supported per standard firewall filter
configuration. If you configure a standard
firewall filter that exceeds this limit, your
candidate configuration results in a commit
error.
For standard firewall filters only, the next term action
directs the router (or switch) to perform configured actions
on the packet and then, rather than terminate the filter,
use the next term in the filter to evaluate the packet. If the
next term action is included, the matching packet is
evaluated against the next term in the firewall filter.
Otherwise, the matching packet is not evaluated against
subsequent terms in the firewall filter.
For example, when you configure a term with the
nonterminating action count, the term’s action changes
from an implicit discard to an implicit accept. The next term
action forces the continued evaluation of the firewall filter.
Flow control
Related
Documentation
Guidelines for Applying Standard Firewall Filters on page 1049•
• Understanding How to Use Standard Firewall Filters
Guidelines for Applying Standard Firewall Filters
This topic covers the following information:
•
Applying Firewall Filters Overview on page 1049
•
Statement Hierarchy for Applying Firewall Filters on page 1050
•
Restrictions on Applying Firewall Filters on page 1051
Applying Firewall Filters Overview
You can apply a standard firewall filter to a loopback interface on the router or to a
physical or logical interface on the router. You can apply a firewall filter to a single interface
or to multiple interfaces on the router.Table 70 on page 1049 summarizes the behavior of
firewall filters based on the point to which you attach the filter.
Table 70: Firewall Filter Behavior by Filter Attachment Point
Filter BehaviorFilter Attachment Point
The router’s loopback interface, lo0, is the interface to the Routing Engine and carries no data
packets. When you apply a firewall filter to the loopback interface, the filter evaluates the local
packets received or transmitted by the Routing Engine.
NOTE:
•
ACX5048 and ACX5096 routers do not support the evaluation of packets transmitted by the
Routing engine for loopback interface filter.
Loopback interface
When you apply a filter to a physical interface on the router or to a logical interface (or member
of an aggregated Ethernet bundle defined on the interface), the filter evaluates all data packet
that pass through that interface.
Physical interface or
logical interface
1049Copyright © 2017, Juniper Networks, Inc.
Chapter 32: Configuring Firewall Filters
To Next Page
Loading...
Need help?
General
