See the following sections:
- filter {
- input filter-name;
- output filter-name;
- }
- [edit interfaces interface-name unit logical-unit-number family family],
- [edit logical-routers logical-router-name interfaces interface-name unit logical-unit-number unit family]
Apply a filter to an interface. You can also use filters for encrypted traffic. When you configure filters, you can configure the family inet, inet6, mpls, or vpls only.
input filter-name—Name of one filter to evaluate when packets are received on the interface.
output filter-name—Name of one filter to evaluate when packets are transmitted on the interface.
See Classifying Packets Based on Various Packet Header Fields and Setting the PLP with a Multifield Classifier; for a general discussion of this statement, see the JUNOS Network Interfaces Configuration Guide.
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
- filter filter-name {
-
-
term term-name {
-
-
from {
-
match-conditions;
- }
-
-
then {
-
dscp 0;
-
forwarding-class class-name;
-
loss-priority (high | low);
-
policer policer-name;
-
-
three-color-policer {
- two-rate policer-name;
- }
-
virtual-channel virtual-channel-name;
- }
- }
- }
- [edit firewall family family-name]
Configure firewall filters.
filter-name—Name that identifies the filter. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose it in quotation marks (" " ).
The remaining statements are explained separately.
See Classifying Packets Based on Various Packet Header Fields and Setting the PLP with a Multifield Classifier; for a general discussion of this statement, see the JUNOS Policy Framework Configuration Guide.
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.