Common IP Firewall Match Conditions
This section lists statements that are valid at the following hierarchy levels, and is
referenced at those levels in “Complete [edit firewall] Hierarchy” on page 38 instead of
the statements being repeated.
•
[edit firewall family inet dialer-filter filter-name term term-name from] (with the
exceptions noted at this level in “Complete [edit firewall] Hierarchy” on page 38)
•
[edit firewall family inet filter filter-name term term-name from]
•
[edit firewall family inet6 dialer-filter filter-name term term-name from] (with the
exceptions noted at this level in “Complete [edit firewall] Hierarchy” on page 38)
•
[edit firewall family inet6 filter filter-name term term-name from]
•
[edit firewall filter filter-name term term-name from]
The common IP firewall match conditions are as follows:
address {
ip-prefix</prefix-length> <except>;
}
destination-address {
ip-prefix</prefix-length> <except>;
}
destination-class [ class-names ] | destination-class-except [ class-names ]);
(destination-port [ port-names ] | destination-port-except [ port-names ]);
destination-prefix-list {
list-name <except>;
}
(forwarding-class [ class-names ] | forwarding-class-except [ class-names ]);
(icmp-code [ codes ] | icmp-code-except [ codes ]);
(icmp-type [ types ] | icmp-type-except [ types ]);
interface interface-name;
(interface-group [ group-names ] | interface-group-except [ group-names ]);
interface-set set-name;
(loss-priority [ priorities ] | loss-priority-except [ priorities ]);
(packet-length [ values ] | packet-length-except [ values ]);
(port [ port-names ] | port-except [ port-names ]);
prefix-list {
list-name <except>;
}
service-filter-hit;
source-address {
ip-prefix</prefix-length> <except>;
}
(source-class [ class-names ] | source-class-except [ class-names ]);
(source-port [ port-names ] | source-port-except [ port-names ]);
source-prefix-list {
list-name <except>;
}
tcp-established;
tcp-flags flag;
tcp-initial;
35Copyright © 2013, Juniper Networks, Inc.
Chapter 4: Configuration Statements
To Next Page
Loading...
