Table 76: Terminating Actions for Standard Firewall Filters on ACX Series Routers (continued)
ProtocolsDescription
Terminating
Action
family inetReject the packet and return an ICMPv4 or ICMPv6 message:
•
If no message type is specified, a destination-unreachable message is returned by
default.
•
If tcp-reset is specified as the message type, tcp-reset is returned only if the packet
is a TCP packet. Otherwise, the administratively-prohibited message, which has a
value of 13, is returned.
•
If any other message type is specified, that message is returned.
NOTE:
•
Rejected packets can be sampled or logged if you configure the sample or syslog
action.
•
This action is supported on ingress only.
The message-type option can have one of the following values: address-unreachable,
administratively-prohibited, bad-host-tos, bad-network-tos, beyond-scope,
fragmentation-needed, host-prohibited, host-unknown, host-unreachable,
network-prohibited, network-unknown, network-unreachable, no-route,
port-unreachable, precedence-cutoff, precedence-violation, protocol-unreachable,
source-host-isolated, source-route-failed, or tcp-reset.
rejectmessage-type
•
family inetDirect the packet to the specified routing instance.routing-instance
routing-instance-name
Related
Documentation
Guidelines for Configuring Firewall Filters on page 1044•
• Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview
on page 1052
• Standard Firewall Filter Nonterminating Actions on ACX Series Routers on page 1064
Standard Firewall Filter Nonterminating Actions on ACX Series Routers
Standard stateless firewall filters support different sets of nonterminating actions for
each protocol family.
NOTE: ACX Series routers do not support the next term action.
ACX Series routers support log and syslog actions in ingress and egress
directions for family inet and family bridge.
Table 77 on page 1065 describes the nonterminating actions you can configure for a standard
firewall filter term.
Copyright © 2017, Juniper Networks, Inc.1064
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
