Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

show firewall

 

Syntax

Release Information

Command introduced in Junos OS Release 11.1.

Description

Display statistics about configured firewall filters.

Options

application (CFM | eswd | RMPS)(Optional) Show firewall elements owned by the selected software component:
  • Connectivity Fault Management (CFM)

  • Ethernet switching daemon (eswd)—Shows only on devices that support it.

  • Resource Management and Packet Steering (RMPS)

counter counter-name(Optional) Display statistics about a particular firewall filter counter.
filter filter-name(Optional) Display statistics about a particular firewall filter.
log(Optional) Display log entries for all firewall filter activity.
terse(Optional) Display firewall filter names only.

Required Privilege Level

view

List of Sample Output

show firewall

show firewall filter filter-name

show firewall counter counter-name

show firewall log

show firewall log detail

Output Fields

Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.

Table 1: show firewall Output Fields

Field Name

Field Description

Level of Output

Filter

Name of the filter that is configured at the [edit firewall family family-name filter] hierarchy level.

All levels

Counters

Display filter counter information:

  • Name—Name of a filter counter that has been configured with the count firewall filter action modifier.

  • Bytes—Number of bytes that match the filter term where the count action modifier was specified.

  • Packets—Number of packets that matched the filter term where the count action modifier was specified.

All levels

Policers

Display policer information:

  • Name—Name of the policer that is configured at the [edit firewall policer] hierarchy level.

  • Packets—Number of packets that matched the filter term where the policer action modifier was specified. This is the number of packets that exceeded the rate limits that the policer specifies.

All levels

Action

Filter action:

  • A—Accept

  • D—Discard

All levels

Interface

Interface on which the firewall filter is applied.

All levels

Protocol

Name of the packet protocol.

All levels

Packet Length

Length of the packet.

All levels

Src Addr

Source address of the packet.

All levels

Dest Addr

Destination address of the packet.

All levels

Sample Output

show firewall

user@switch> show firewall

show firewall filter filter-name



user@switch> show firewall filter ingress-port-limit-tcp-icmp

show firewall counter counter-name

user@switch> show firewall counter icmp-counter

show firewall log

user@switch> show firewall log

show firewall log detail

user@switch> show firewall log detail