
    show firewall

    Syntax

    show firewall <counter counter-name> <filter filter-name> <log <detail | interface interface-name>> <terse>

    Release Information

    Command introduced in Junos OS Release 11.1 for the QFX Series.

    Description

    Display statistics about configured firewall filters.

    Options

    counter counter-name

    (Optional) Display statistics about a particular firewall filter counter.

    filter filter-name

    (Optional) Display statistics about a particular firewall filter.

    log

    (Optional) Display log entries for all firewall filter activity.

    terse

    (Optional) Display firewall filter names only.

    Required Privilege Level

    view

    List of Sample Output

    show firewall
    show firewall filter filter-name
    show firewall counter counter-name
    show firewall log
    show firewall log detail

    Output Fields

    Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.

    Table 1: show firewall Output Fields

    Field Name

    Field Description

    Level of Output

    Filter

    Name of the filter that is configured at the [edit firewall family family-name filter] hierarchy level.

    All levels

    Counters

    Display filter counter information:

    • Name—Name of a filter counter that has been configured with the count firewall filter action modifier.
    • Bytes—Number of bytes that match the filter term where the count action modifier was specified.
    • Packets—Number of packets that matched the filter term where the count action modifier was specified.

    All levels

    Policers

    Display policer information:

    • Name—Name of the policer that is configured at the [edit firewall policer] hierarchy level.
    • Packets—Number of packets that matched the filter term where the policer action modifier was specified. This is the number of packets that exceeded the rate limits that the policer specifies.

    All levels

    Action

    Filter action:

    • A—Accept
    • D—Discard

    All levels

    Interface

    Interface on which the firewall filter is applied.

    All levels

    Protocol

    Name of the packet protocol.

    All levels

    Packet Length

    Length of the packet.

    All levels

    Src Addr

    Source address of the packet.

    All levels

    Dest Addr

    Destination address of the packet.

    All levels

    Sample Output

    show firewall

    user@switch> show firewall
    Filter: egress-vlan-watch-employee
    Counters:
    Name                                                Bytes              Packets
    counter-employee-web                                    0                    0
    Filter: ingress-port-limit-tcp-icmp
    Counters:
    Name                                                Bytes              Packets
    icmp-counter                                            560                 10
    Policers:
    Name                                              Packets
    icmp-connection-policer                                 10
    tcp-connection-policer                                  0
    Filter: ingress-vlan-rogue-block
    Filter: ingress-vlan-limit-guest
    

    show firewall filter filter-name


    user@switch> show firewall filter ingress-port-limit-tcp-icmp
    Filter: ingress-port-limit-tcp-icmp
    Counters:
    Name                                                Bytes              Packets
    icmp-counter                                          560                 10
    Policers:
    Name                                              Packets
    icmp-connection-policer                                10
    tcp-connection-policer                                  0
    

    show firewall counter counter-name

    user@switch> show firewall counter icmp-counter
    Filter: ingress-port-voip-class-filter
    Counters:
    Name                                                Bytes              Packets
    icmp-counter                                          560                 10
    

    show firewall log

    user@switch> show firewall log
    Log :
    
    Time      Filter    Action Interface     Protocol        Src Addr                         Dest Addr
    08:00:53  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
    08:00:52  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
    08:00:51  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
    08:00:50  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
    08:00:49  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
    08:00:48  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
    08:00:47  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
    
    

    show firewall log detail

    user@switch> show firewall log detail
    Log :
    
    Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
    Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, 
    Destination address: 192.168.70.66:513
    Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
    Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, 
    Destination address: 192.168.70.66:513
    Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
    Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
    Destination address: 192.168.70.66:513
    Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
    Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
    Destination address: 192.168.70.66:513
    Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
    Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
    Destination address: 192.168.70.66:513
    Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
    Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
    Destination address: 192.168.70.66:513
    
    

    Published: 2012-09-07