Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Related Documentation


    simple-filter (Firewall)


    simple-filter filter-name {
    term term-name {
    from {
    then {
    (accept | discard);
    forwarding-class class-name;
    policer policer-name;
    three-color-policer policer-name {
    (single-rate single-rate-policer-name | two-rate two-rate-policer-name);

    Hierarchy Level

    [edit firewall family family-name]

    Release Information

    Statement introduced in Junos OS Release 9.5.


    Define a simple filter. Simple filters are recommended for metropolitan Ethernet applications.


    • from—Match packet fields to values. If the from option is not included, all packets are considered to match and the actions and action modifiers in the then statement are taken.
    • match-conditions—One or more conditions to use to make a match.
    • term-name—Name that identifies the term. The name can contain letters, numbers, and hyphens (-), and can be up to 255 characters long. To include space in the name, enclose it in quotation marks (“ ”).
    • then—Actions to take on matching packets. If the then option is not included and a packet matches all the conditions in the from statement, the packet is accepted.

    Note: On SRX1400, SRX3400, and SRX3600 devices, the Forwarding class as match condition feature is not supported by a simple filter.

    Note: SRX3400 and SRX3600 devices have the following limitations of a simple filter:

    • The forwarding class is the match condition.
    • In the packet processor on an IOC, up to 400 logical interfaces can be applied with simple filters.
    • In the packet processor on an IOC, the maximum number of terms of all simple filters is 2000.
    • In the packet processor on an IOC, the maximum number of policers is 2000
    • In the packet processor on an IOC, the maximum number of three-color-policers is 2000
    • The maximum burst size of a policer or three-color-policer is 16 MB.

    Required Privilege Level

    interface—To view this statement in the configuration.

    interface-control—To add this statement to the configuration.


    Related Documentation


    Modified: 2017-09-13