Table 72: Standard Firewall Filter Action Categories for ACX Series Routers (continued)
CommentDescriptionType of Action
See “Standard Firewall Filter
Nonterminating Actions on ACX
Series Routers” on page 1064.
Performs other functions on a packet (such as
incriminating a counter, logging information about
the packet header, sampling the packet data, or
sending information to a remote host using the
system log functionality), but any additional terms
are used to examine the packet.
Nonterminating
Related
Documentation
Guidelines for Configuring Firewall Filters on page 1044•
• Interface-Specific Firewall Filter Instances Overview
Standard Firewall Filter Match Conditions for IPv4 Traffic on ACX Series Routers
On ACX Series routers, you can configure a standard stateless firewall filter with match
conditions for IP version 4 (IPv4) traffic (family inet). Table 73 on page 1054 describes the
match conditions you can configure at the [edit firewall family inet filter filter-name term
term-name from] hierarchy level.
Table 73: Standard Firewall Filter Match Conditions for IPv4 Traffic on ACX Series Routers
DescriptionMatch Condition
Match the IPv4 destination address field.
NOTE: On ACX Series routers, you can specify only one destination address. A list of IPv4
destination addresses is not supported.
destination-address address
Match the UDP or TCP destination port field.
If you configure this match condition, we recommend that you also configure the protocol udp
or protocol tcp match statement in the same term to specify which protocol is being used on
the port.
NOTE: On ACX Series routers, you can specify only one destination port number. A list of port
numbers is not supported.
In place of the numeric value, you can specify one of the following text synonyms (the port
numbers are also listed): afs (1483), bgp (179), biff (512), bootpc (68), bootps (67), cmd (514),
cvspserver (2401), dhcp (67), domain (53), eklogin (2105), ekshell (2106), exec (512), finger (79),
ftp (21), ftp-data (20), http (80), https (443), ident (113), imap (143), kerberos-sec (88),
klogin (543), kpasswd (761), krb-prop (754), krbupdate (760), kshell (544), ldap (389), ldp (646),
login (513), mobileip-agent (434), mobilip-mn (435), msdp (639), netbios-dgm (138),
netbios-ns (137), netbios-ssn (139), nfsd (2049), nntp (119), ntalk (518), ntp (123), pop3 (110),
pptp (1723), printer (515), radacct (1813), radius (1812), rip (520), rkinit (2108), smtp (25),
snmp (161), snmptrap (162), snpp (444), socks (1080), ssh (22), sunrpc (111), syslog (514),
tacacs (49), tacacs-ds (65), talk (517), telnet (23), tftp (69), timed (525), who (513), or
xdmcp (177).
destination-port number
Match IP destination prefixes in named list.destination-prefix-list
Copyright © 2017, Juniper Networks, Inc.1054
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
