    simple-filter (Firewall)

    Syntax

    simple-filter filter-name {
        term term-name {
            from {
                match-conditions;
            }
            then {
                (accept | discard);
                forwarding-class class-name;
                policer policer-name;
                three-color-policer policer-name {
                    (single-rate single-rate-policer-name | two-rate two-rate-policer-name);
                }
            }
        }
    }

    Hierarchy Level

    [edit firewall family family-name]

    Release Information

    Statement introduced in Junos OS Release 9.5.

    Description

    Define a simple filter. Simple filters are recommended for metropolitan Ethernet applications.

    Options

    • from—Match packet fields to values. If the from option is not included, all packets are considered to match and the actions and action modifiers in the then statement are taken.
    • match-conditions—One or more conditions to use to make a match.
    • term-name—Name that identifies the term. The name can contain letters, numbers, and hyphens (-), and can be up to 255 characters long. To include spaces in the name, enclose it in quotation marks (“ ”).
    • then—Actions to take on matching packets. If the then option is not included and a packet matches all the conditions in the from statement, the packet is accepted.

    Note: On SRX1400, SRX3400, and SRX3600 devices, simple filters do not support the forwarding class as a match condition.

    Note: On SRX3400 and SRX3600 devices, simple filters have the following limitations:

    • The forwarding class is the match condition.
    • In the packet processor on an IOC, up to 400 logical interfaces can be applied with simple filters.
    • In the packet processor on an IOC, the maximum number of terms of all simple filters is 2000.
    • In the packet processor on an IOC, the maximum number of policers is 2000.
    • In the packet processor on an IOC, the maximum number of three-color-policers is 2000.
    • The maximum burst size of a policer or three-color-policer is 16 MB.
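
The two defaults in the Options list above (a term without from matches all packets; a term without then accepts what it matches) are easy to miss in review. The following Python audit is an added example, not Juniper code: it parses curly-brace configuration text and reports simple-filter terms that rely on either default. The filter name, term names, and sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the page).
SAMPLE = """
firewall { family inet { simple-filter sf-edge {
    term web  { from { protocol tcp; destination-port 443; } then { accept; } }
    term mgmt { from { source-address { 192.0.2.0/24; } } }
    term last { then discard; }
} } }
"""

def parse(text):
    """Parse curly-brace configuration into nested (words, children) statements."""
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text))
    def block():
        stmts, words = [], []
        for tok in tokens:
            if tok == "}":
                break
            if tok in (";", "{"):
                stmts.append((words, block() if tok == "{" else []))
                words = []
            else:
                words.append(tok)
        return stmts
    return block()

def audit(text):
    """Return (filter and term name, finding) pairs for terms using implicit defaults."""
    findings = []
    def walk(stmts):
        for words, children in stmts:
            if words[:1] != ["simple-filter"]:
                walk(children)  # descend until a simple-filter statement is found
                continue
            for twords, tchildren in children:
                if twords[:1] != ["term"]:
                    continue
                name = " ".join(words[1:] + twords[1:])
                keys = {w[0] for w, _ in tchildren if w}  # handles "then { ... }" and "then x;"
                if "from" not in keys:
                    findings.append((name, "no from: term matches all packets"))
                if "then" not in keys:
                    findings.append((name, "no then: matching packets are accepted"))
    walk(parse(text))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A term with no from that ends the filter, such as the constructed term last, is often intentional; the no-then finding is the one that usually signals an unintended accept.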

    Required Privilege Level

    interface—To view this statement in the configuration.

    interface-control—To add this statement to the configuration.

     


    Modified: 2017-09-13