Table 73: Standard Firewall Filter Match Conditions for IPv4 Traffic on ACX Series
Routers (continued)
DescriptionMatch Condition
Match the ICMP message type field.
If you configure this match condition, we recommend that you also configure the protocol icmp
match condition in the same term.
In place of the numeric value, you can specify one of the following text synonyms (the field
values are also listed): echo-reply (0), echo-request (8), info-reply (16), info-request (15),
mask-request (17), mask-reply (18), parameter-problem (12), redirect (5),
router-advertisement (9), router-solicit (10), source-quench (4), time-exceeded (11),
timestamp (13), timestamp-reply (14), or unreachable (3).
icmp-type number
Match the 8-bit IP option field, if present, to the specified value.
ACX Series routers support only the ip-options_any match condition, which ensures that the
packets are sent to the Packet Forwarding Engine for processing.
NOTE: On ACX Series routers, you can specify only one IP option value. Configuring multiple
values is not supported.
ip-options values
Match the IP precedence field.
In place of the numeric field value, you can specify one of the following text synonyms (the
field values are also listed): critical-ecp (0xa0), flash (0x60), flash-override (0x80),
immediate (0x40), internet-control (0xc0), net-control (0xe0), priority (0x20), or routine (0x00).
You can specify precedence in hexadecimal, binary, or decimal form.
precedence
ip-precedence-field
Match the IP protocol type field. In place of the numeric value, you can specify one of the
following text synonyms (the field values are also listed): ah (51), dstopts (60), egp (8), esp (50),
fragment (44), gre (47), hop-by-hop (0), icmp (1), icmp6 (58), icmpv6 (58), igmp (2), ipip (4),
ipv6 (41), ospf (89), pim (103), rsvp (46), sctp (132), tcp (6), udp (17), or vrrp (112).
protocol number
Match the IPv4 address of the source node sending the packet.source-address address
Match the UDP or TCP source port field.
If you configure this match condition for IPv4 traffic, we recommend that you also configure
the protocol udp or protocol tcp match statement in the same term to specify which protocol
is being used on the port.
In place of the numeric value, you can specify one of the text synonyms listed with the
destination-port number match condition.
source-port number
Match IP source prefixes in named list.source-prefix-list
Copyright © 2017, Juniper Networks, Inc.1056
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
