Table 74: Firewall Filter Match Conditions for IPv6 Traffic (continued)
Description
Match Condition
Match the initial packet of a TCP connection. This is a text synonym for tcp-flags "(!ack & syn)".
This condition does not implicitly check that the protocol is TCP. If you configure this match
condition, we recommend that you also configure the next-header tcp match condition in the
same term.
tcp-initial
Match the 8-bit field that specifies the class-of-service (CoS) priority of the packet.
This field was previously used as the type-of-service (ToS) field in IPv4.
You can specify a numeric value from 0 through 63. To specify the value in hexadecimal form,
include 0x as a prefix. To specify the value in binary form, include b as a prefix.
In place of the numeric value, you can specify one of the following text synonyms (the field values
are also listed):
•
RFC 3246, An Expedited Forwarding PHB (Per-Hop Behavior), defines one code point: ef (46).
•
RFC 2597, Assured Forwarding PHB Group, defines 4 classes, with 3 drop precedences in each
class, for a total of 12 code points:
•
af11 (10), af12 (12), af13 (14)
•
af21 (18), af22 (20), af23 (22)
•
af31 (26), af32 (28), af33 (30)
•
af41 (34), af42 (36), af43 (38)
traffic-class number
1061Copyright © 2017, Juniper Networks, Inc.
Chapter 32: Configuring Firewall Filters
To Next Page
Loading...
Need help?
General
