NOTE: If you specify an IPv6 address in a match condition (the address,
destination-address, or source-address match conditions), use the syntax for
text representations described in RFC 4291, IP Version 6 Addressing
Architecture. For more information about IPv6 addresses, see “IPv6 Overview”
on page 530 and Supported IPv6 Standards.
The following is a sample firewall family inet6 configuration:
user@host# show firewall family inet6
filter ipv6-filter {
term t1 {
from {
source-address {
2001:0000:0020:0020:0000:0000:0000:0150/128;
}
destination-address {
2001:0000:0040:0040:0000:0000:0000:0150/128;
}
next-header tcp;
source-port 1000;
destination-port 2000;
extension-header dstopts;
traffic-class ef;
tcp-flags 0x20;
hop-limit 254;
}
then count ipv6-t1-count;
}
term t2 {
from {
icmp-type neighbor-solicit;
}
then count ipv6-t2-count;
}
}
Related
Documentation
Guidelines for Configuring Firewall Filters on page 1044•
• Firewall Filter Terminating Actions
• Firewall Filter Nonterminating Actions
Standard Firewall Filter Match Conditions for MPLS Traffic on ACX Series Routers
On ACX Series routers, you can configure a standard stateless firewall filter with match
conditions for MPLS traffic (family mpls).
NOTE: The input-list filter-names and output-list filter-names statements for
firewall filters for the mpls protocol family are supported on all interfaces
with the exception of management interfaces and internal Ethernet interfaces
(fxp or em0), loopback interfaces (lo0), and USB modem interfaces (umd).
Copyright © 2017, Juniper Networks, Inc.1062
ACX Series Universal Access Router Configuration Guide
To Next Page
General
