input-list [ filter-names ];
output filter-name;
output-list [ filter-names ];
}
}
}
}
All Other Firewall Filters on Logical Interfaces
To apply a standard firewall filter to a logical interface for all cases other than a
protocol-independent filter on an MX Series router, configure the filter statement under
the protocol family:
interfaces {
interface-name {
unit logical-unit-number {
family family-name {
...
filter {
group group-number;
input filter-name;
input-list [ filter-names ];
output filter-name;
output-list [ filter-names ];
}
}
}
}
}
Restrictions on Applying Firewall Filters
•
Number of Input and Output Filters Per Logical Interface on page 1051
•
MPLS and Layer 2 CCC Firewall Filters in Lists on page 1052
•
Layer 2 CCC Firewall Filters on MX Series Routers and EX Series Switches on page 1052
Number of Input and Output Filters Per Logical Interface
Input filters—Although you can use the same filter multiple times, you can apply only
one input filter or one input filter list to an interface.
•
To specify a single firewall filter to be used to evaluate packets received on the interface,
include the input filter-name statement in the filter stanza.
•
To specify an ordered list of firewall filters to be used to evaluate packets received on
the interface, include the input-list [ filter-names ] statement in the filter stanza. You
can specify up to 16 firewall filters for the filter input list.
Output filters—Although you can use the same filter multiple times, you can apply only
one output filter or one output filter list to an interface.
•
To specify a single firewall filter to be used to evaluate packets transmitted on the
interface, include the output filter-name statement in the filter stanza.
1051Copyright © 2017, Juniper Networks, Inc.
Chapter 32: Configuring Firewall Filters
To Next Page
Loading...
Need help?
General
