EasyManuals Logo

Juniper ACX2000 Configuration Guide

Juniper ACX2000
3270 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1115 background imageLoading...
Page #1115 background image
Table 73: Standard Firewall Filter Match Conditions for IPv4 Traffic on ACX Series
Routers (continued)
DescriptionMatch Condition
Match one or more of the low-order 6 bits in the 8-bit TCP flags field in the TCP header.
To specify individual bit fields, you can specify the following text synonyms or hexadecimal
values:
•
fin (0x01)
•
syn (0x02)
•
rst (0x04)
•
push (0x08)
•
ack (0x10)
•
urgent (0x20)
In a TCP session, the SYN flag is set only in the initial packet sent, while the ACK flag is set in
all packets sent after the initial packet.
You can string together multiple flags using the bit-field logical operators.
For combined bit-field match conditions, see the tcp-initial match conditions.
If you configure this match condition, we recommend that you also configure the protocol tcp
match statement in the same term to specify that the TCP protocol is being used on the port.
tcp-flags value
Match the initial packet of a TCP connection. This is an alias for tcp-flags "(!ack & syn)".
This condition does not implicitly check that the protocol is TCP. If you configure this match
condition, we recommend that you also configure the protocol tcp match condition in the same
term.
tcp-initial
Match the IPv4 time-to-live number. Specify a TTL value or a range of TTL values. For number,
you can specify one or more values from 2 through 255.
ttl number
Related
Documentation
Guidelines for Configuring Firewall Filters on page 1044•
• Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview
on page 1052
• Standard Firewall Filter Terminating Actions on ACX Series Routers on page 1063
• Standard Firewall Filter Nonterminating Actions on ACX Series Routers on page 1064
Standard Firewall Filter Match Conditions for IPv6 Traffic on ACX Series Routers
You can configure a firewall filter with match conditions for Internet Protocol version 6
(IPv6) traffic (familyinet6). Table 74 on page 1058 describes the match conditions you can
configure at the [edit firewall family inet6 filter filter-name term term-name from] hierarchy
level.
1057Copyright © 2017, Juniper Networks, Inc.
Chapter 32: Configuring Firewall Filters

Table of Contents

Other manuals for Juniper ACX2000

Preview: Quick Start
Quick Start30 pages
Preview: Hardware Guide
Hardware Guide190 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Juniper ACX2000 and is the answer not in the manual?

Juniper ACX2000 Specifications

General IconGeneral
BrandJuniper
ModelACX2000
CategoryNetwork Router
LanguageEnglish

Related product manuals