show firewall
Syntax
Release Information
Command introduced in Junos OS Release 11.1.
Description
Display statistics about configured firewall filters.
Options
Connectivity Fault Management (CFM)
Ethernet switching daemon (eswd)—Shows only on devices that support it.
Resource Management and Packet Steering (RMPS)
Required Privilege Level
view
Related Documentation
List of Sample Output
show firewall
show firewall filter filter-name
show firewall counter counter-name
show firewall log
show firewall log detail
Output Fields
Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.
Table 1: show firewall Output Fields
Field Name | Field Description | Level of Output |
---|---|---|
Filter | Name of the filter that is configured at the [edit firewall family family-name filter] hierarchy level. | All levels |
Counters | Display filter counter information: | All levels |
Policers | Display policer information: | All levels |
Action | Filter action: | All levels |
Interface | Interface on which the firewall filter is applied. | All levels |
Protocol | Name of the packet protocol. | All levels |
Packet Length | Length of the packet. | All levels |
Src Addr | Source address of the packet. | All levels |
Dest Addr | Destination address of the packet. | All levels |
Sample Output
show firewall
user@switch> show firewall
Filter: egress-vlan-watch-employee
Counters:
Name                                  Bytes      Packets
counter-employee-web                      0            0

Filter: ingress-port-limit-tcp-icmp
Counters:
Name                                  Bytes      Packets
icmp-counter                            560           10
Policers:
Name                                Packets
icmp-connection-policer                  10
tcp-connection-policer                    0

Filter: ingress-vlan-rogue-block

Filter: ingress-vlan-limit-guest
show firewall filter filter-name
user@switch> show firewall filter ingress-port-limit-tcp-icmp
Filter: ingress-port-limit-tcp-icmp
Counters:
Name                                  Bytes      Packets
icmp-counter                            560           10
Policers:
Name                                Packets
icmp-connection-policer                  10
tcp-connection-policer                    0
show firewall counter counter-name
user@switch> show firewall counter icmp-counter
Filter: ingress-port-voip-class-filter
Counters:
Name                                  Bytes      Packets
icmp-counter                            560           10
show firewall log
user@switch> show firewall log
Log :
Time      Filter    Action Interface     Protocol  Src Addr      Dest Addr
08:00:53  pfe       R      ge-1/0/6.0    ICMP      192.168.3.5   192.168.3.4
08:00:52  pfe       R      ge-1/0/6.0    ICMP      192.168.3.5   192.168.3.4
08:00:51  pfe       R      ge-1/0/6.0    ICMP      192.168.3.5   192.168.3.4
08:00:50  pfe       R      ge-1/0/6.0    ICMP      192.168.3.5   192.168.3.4
08:00:49  pfe       R      ge-1/0/6.0    ICMP      192.168.3.5   192.168.3.4
08:00:48  pfe       R      ge-1/0/6.0    ICMP      192.168.3.5   192.168.3.4
08:00:47  pfe       R      ge-1/0/6.0    ICMP      192.168.3.5   192.168.3.4
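When reviewing this log, it helps to group the rows by flow and see which flows a filter keeps logging with a given Action code. The following Python is an added example, not Juniper code; the function names, the threshold and the sample rows (documentation addresses) are constructed here, and it assumes one whitespace-separated row per logged packet in the column order shown above.

```python
import re
from collections import defaultdict
from typing import NamedTuple

class LogEntry(NamedTuple):
    time: str
    filter: str
    action: str
    interface: str
    protocol: str
    src: str
    dst: str

TIME_RE = re.compile(r"^\d{2}:\d{2}:\d{2}$")

def parse_firewall_log(text):
    """Return (entries, skipped) from brief `show firewall log` output."""
    entries, skipped = [], []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Log" or fields[:2] == ["Time", "Filter"]:
            continue  # blank line or one of the two header lines
        if len(fields) == 7 and TIME_RE.match(fields[0]):
            entries.append(LogEntry(*fields))
        else:
            skipped.append(line)  # truncated or unexpected row: report it, don't guess
    return entries, skipped

def repeated_flows(entries, action, min_hits):
    """Flows logged with the given Action code at least min_hits times."""
    seen = defaultdict(list)
    for e in entries:
        if e.action == action:  # code compared verbatim, as printed in the Action column
            seen[(e.interface, e.protocol, e.src, e.dst)].append(e.time)
    # Rows carry only HH:MM:SS, so first/last are wrong if the capture spans midnight.
    rows = [{"flow": f, "hits": len(t), "first": min(t), "last": max(t)}
            for f, t in seen.items() if len(t) >= min_hits]
    return sorted(rows, key=lambda r: r["hits"], reverse=True)

# Constructed sample (not captured from a device), in the page's column layout.
SAMPLE = """\
Log :
Time      Filter    Action Interface     Protocol  Src Addr      Dest Addr
08:00:53  pfe       R      ge-1/0/6.0    ICMP      192.0.2.5     192.0.2.4
08:00:52  pfe       R      ge-1/0/6.0    ICMP      192.0.2.5     192.0.2.4
08:00:51  pfe       A      ge-1/0/7.0    TCP       192.0.2.9     192.0.2.4
08:00:50  pfe       R      ge-1/0/6.0    ICMP      192.0.2.5     192.0.2.4
08:00:49  pfe       R      ge-1/0/6.0    ICMP
"""
```

Calling parse_firewall_log(SAMPLE) and then repeated_flows(entries, action="R", min_hits=3) reports the one ICMP flow on ge-1/0/6.0 with three hits, and the truncated last row is returned in the skipped list rather than counted.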
show firewall log detail
user@switch> show firewall log detail
Log :
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513