web-filter
语法
web-filter { profile (Web Filter) profile-name { dns-filter { database-file filename; dns-resp-ttl seconds; dns-server [ ip-address ]; hash-key key-string; hash-method hash-method-name; statistics-log-timer minutes; wildcarding-level level; } dns-filter-template template-name { client-interfaces [ client-interface-name ]; client-routing-instance client-routing-instance-name; dns-filter { database-file filename; dns-resp-ttl seconds; dns-server [ ip-address ]; hash-key key-string; hash-method hash-method-name; statistics-log-timer minutes; wildcarding-level level; } server-interfaces [ server-interface-name ]; server-routing-instance server-routing-instance-name; term term-name { from { src-ip-prefix [ source-prefix ]; } then { accept; dns-sinkhole; } } } global-dns-stats-log-timer minutes; url-filter-database filename; url-filter-template template-name { client-interfaces [ client-interface-name1 client-interface-name2 ]; disable-url-filtering; dns-resolution-interval minutes; dns-resolution-rate seconds; dns-retries number; dns-routing-instance dns-routing-instance-name; dns-server [ ip-address1 ip-address2 ip-address3 ]; dns-source-interface loopback-interface-name; dns-routing-instance dns-routing-instance-name; routing-instance routing-instance-name; server-interfaces [ server-interface-name1 server-interface-name2 ]; term term-name { from { src-ip-prefix [prefix1 prefix2]; dest-port [port1 port2]; } then { accept; custom-page custom-page; http-status-code http-status-code; redirect-url redirect-url; tcp-reset; } } url-filter-database filename } } }
层次结构级别
[edit services]
描述
为不允许的网站域配置 DNS 请求过滤。筛选可能导致:
通过向客户端发送包含 sinkhole 服务器的 IP 地址或域名(而不是不允许的域)的 DNS 响应来阻止对站点的访问。
记录 DNS 请求并允许访问。
其余语句将单独解释。请参阅 CLI 资源管理器。
所需权限级别
system - 在配置中查看此语句。
系统控制 - 将此语句添加到配置中。
发布信息
MX 系列上的 Junos OS 18.3R1 版中引入的语句。
Junos OS 版本 19.3R2 中添加了对带有 MX-SPC3 服务卡的 MX 系列路由器 MX240、MX480 和 MX960 上的新一代服务的支持。