You use the functions in libdfwd, on the Routing Engine or the Multiservices PIC, to add firewall filters. Two basic filter types are supported, as defined in the junos_dfw_filter_types_t structure:
Classic filters (JUNOS_DFW_FILTER_TYPE_CLASSIC) are compiled and optimized by the system; the order of term definition is the order of evaluation.
Fast update filters (JUNOS_DFW_FILTER_TYPE_FAST_UPDATE) allow fast update of terms. A fast update filter is not compiled or optimized. These filters have a predetermined set of match fields, and the order of fields to match must be determined when the filter is created.
MATCH FUNCTIONS:
junos_dfw_term_match_src_prefix
junos_dfw_term_match_dest_prefix
junos_dfw_term_match_ip_proto
junos_dfw_term_match_src_port
junos_dfw_term_match_dest_port
junos_dfw_term_match_port
junos_dfw_term_match_prefix
junos_dfw_term_match_icmp_type
junos_dfw_term_match_icmp_code
junos_dfw_term_match_packet_len
junos_dfw_term_match_dscp_code
junos_dfw_term_match_ifl_index
ACTION FUNCTIONS:
junos_dfw_term_action_accept
junos_dfw_term_action_discard
junos_dfw_term_action_policer
junos_dfw_term_action_count
junos_dfw_term_action_next_term
junos_dfw_term_action_redirect
junos_dfw_term_action_topology_redirect
MATCH FUNCTIONS:
junos_dfw_term_match_src_prefix
junos_dfw_term_match_dest_prefix
junos_dfw_term_match_ip_proto
junos_dfw_term_match_src_port
junos_dfw_term_match_dest_port
ACTION FUNCTIONS:
junos_dfw_term_action_accept
junos_dfw_term_action_discard
junos_dfw_term_action_policer
junos_dfw_term_action_count
JUNOS_DFW_FILTER_AF_INET
JUNOS_DFW_FILTER_AF_INET6