Configuring Dynamic Firewall Filter Services for Use in Dynamic Profiles

Firewall filters provide rules that define whether to permit or deny packets that are transiting an interface on a router. You can configure firewall filters for use in dynamic profiles. After you configure dynamic firewall filters, you can specify which filters you want to apply to subscriber interfaces using a dynamic profile.

To create a firewall filter:

1. Create and name a firewall filter.

   [edit]

   user@host#edit firewall filter fw_fltr_af41

2. Specify the filter to be interface specific.

   [edit firewall filter fw_fltr_af41]

   user@host#set interface-specific

3. Edit a first term for the firewall filter.

   [edit firewall filter fw_fltr_af41]

   user@host#edit firewall filter fw_fltr_af41 term 1

4. Set the from match condition.

   [edit firewall filter fw_fltr_af41 term 1]

   user@host#set from dscp af41

5. Set the then action to take when a match occurs.

   [edit firewall filter fw_fltr_af41 term 1]

   user@host#then count c2 accept

6. Edit a second term for the firewall filter.

   [edit firewall filter fw_fltr_af41]

   user@host#edit firewall filter fw_fltr_af41 term 2

7. Set the then action to take when a match occurs for term 1.

   [edit firewall filter fw_fltr_af41 term 1]

   user@host#then accept

8. Apply the dynamic firewall filter to interfaces using a dynamic profile.

   See Configuring a Dynamic Profile for the Triple Play Solution.

Related Topics

• Configuring Top-Level Broadband Subscriber Management Elements
• Dynamic Firewall Filters Overview
• Dynamic Profiles Overview
• JUNOS Policy Framework Configuration Guide