show firewall
Syntax
show firewall <application (CFM | eswd | RMPS)>> <counter counter-name> <filter filter-name> <log <detail | interface interface-name>> <terse>
Description
Exibir estatísticas sobre filtros de firewall configurados.
Options
| aplicativo (CFM | eswd | RMPS) | (Opcional) Mostrar elementos de firewall de propriedade do componente de software selecionado:
|
| counter-name | (Opcional) Exibir estatísticas sobre um conta-filtro de firewall específico. |
| nome do filtro | (Opcional) Exibir estatísticas sobre um filtro de firewall específico. |
| Log | (Opcional) Exibir entradas de log para todas as atividades de filtro de firewall. |
| Concisa | (Opcional) Exibir apenas nomes de filtro de firewall. |
Required Privilege Level
Ver
Output Fields
Tabela 1 lista os campos de saída do show firewall comando. Os campos de saída são indicados na ordem aproximada na qual eles aparecem.
Nome de campo |
Descrição de campo |
Nível de saída |
|---|---|---|
Filter |
Nome do filtro configurado em nível |
Todos os níveis |
Counters |
Exibir informações do contador do filtro:
|
Todos os níveis |
Policers |
Exibir informações do policial:
|
Todos os níveis |
Action |
Ação do filtro:
|
Todos os níveis |
Interface |
Interface na qual o filtro de firewall é aplicado. |
Todos os níveis |
Protocol |
Nome do protocolo de pacotes. |
Todos os níveis |
Packet Length |
Comprimento do pacote. |
Todos os níveis |
Src Addr |
Endereço de origem do pacote. |
Todos os níveis |
Dest Addr |
Endereço de destino do pacote. |
Todos os níveis |
Sample Output
- show firewall
- show firewall filter filter-name
- show firewall counter counter-name
- show firewall log
- show firewall log detail
show firewall
user@switch> show firewall Filter: egress-vlan-watch-employee Counters: Name Bytes Packets counter-employee-web 0 0 Filter: ingress-port-limit-tcp-icmp Counters: Name Bytes Packets icmp-counter 560 10 Policers: Name Packets icmp-connection-policer 10 tcp-connection-policer 0 Filter: ingress-vlan-rogue-block Filter: ingress-vlan-limit-guest
show firewall filter filter-name
user@switch> show firewall filter ingress-port-limit-tcp-icmp Filter: ingress-port-limit-tcp-icmp Counters: Name Bytes Packets icmp-counter 560 10 Policers: Name Packets icmp-connection-policer 10 tcp-connection-policer 0
show firewall counter counter-name
user@switch> show firewall counter icmp-counter Filter: ingress-port-voip-class-filter Counters: Name Bytes Packets icmp-counter 560 10
show firewall log
user@switch> show firewall log Log : Time Filter Action Interface Protocol Src Addr Dest Addr 08:00:53 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:52 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:51 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:50 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:49 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:48 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:47 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4
show firewall log detail
user@switch> show firewall log detail Log : Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513
Release Information
Comando introduzido na versão 11.1 do Junos OS.