Type | 1 byte | | |
Filter or forward | 1 byte | | - 0 = maps to discard action
- 1 = maps to accept action
|
Indirection | 1 byte | | - 0 = adds egress terms to the output filter
- 1= adds ingress terms to the input filter
|
Spare | 1 byte | – | – |
Source IP address | IPv4 = 4 bytes IPv6 = 16 bytes | IP address of the source interface | - 0 = no mapping performed
- From source-address address entry added to term
|
Destination IP address | IPv4 = 4 bytes IPv6 = 16 bytes | IP address of the destination interface | - 0 = no mapping performed
- From destination-address address entry added to term
|
Source IP prefix | 1 byte | - Type 1 = Number of leading zeros in the wildcard mask
- Type 3 = Higher order contiguous bits of the address that
make up the network portion of the address
| - 0 = no mapping performed
- From source-address prefix entry added to term
|
Destination IP prefix | 1 byte | - Type 1 = Number of leading zeros in the wildcard mask
- Type 3 = Higher order contiguous bits of the address that
make up the network portion of the address
| - 0 = no mapping performed
- From destination-address prefix entry added to term
|
Protocol | 1 byte | Protocol type | - 0 = no mapping performed
- IPv4 = from protocol number added to term
- IPv6 = from next-header number added to term
|
Established | 1 byte | Not implemented | Not implemented |
Source port | 2 bytes | Port number of the source port | From source-port x - y entry
added to term |
Destination port | 2 bytes | Port number of the destination port | From destination-port x - y entry added to term |
Source port qualifier | 1 byte | - 0 = no compare
- 1 = less than
- 2 = equal to
- 3 = greater than
- 4 = not equal to
| - 0 = no mapping performed
- 1 – 3 = mapped to corresponding option
- 4 = mapped to except match option
|
Destination port qualifier | 1 byte | - 0 = no compare
- 1 = less than
- 2 = equal to
- 3 = greater than
- 4 = not equal to
| - 0 = no mapping performed
- 1 – 3 = mapped to corresponding match option
- 4 = mapped to except match option
|
Reserved | 2 bytes | Not used | Not used |
Marking value | 1 byte | - For IPv4 = Type of Service (ToS)
- For IPv6 = Differentiated Services Code Point (DSCP)
| Not implemented |
Marking mask | 1 byte | 0 = no packet marking | Not implemented |
Traffic class | 1–41 bytes | - 0 = no traffic class (required if there is no profile)
- First byte specifies the length of the ASCII name of the
traffic class
- Traffic class must be statically configured
- Name can optionally be null terminated, which consumes
1 byte
- If a name is given, it must match one of the default forwarding
classes (such as best-effort) or the name of a forwarding class configured
under the [edit class-of-service scheduler-maps map-name] stanza.
| Maps to the forwarding class name. The action forwarding-class name is added to term. |
Rate-limit profile | 1–41 bytes | - 0 = no rate limit (required if there is no profile)
- First byte specifies the length of the ASCII, followed
by the ASCII name of the profile
- Profile must be statically configured
- Name can optionally be null terminated, which consumes
1 byte
- If a name is given, it must match the name of one of the
firewall policers that is configured under the [edit firewall] stanza.
| Maps to the policer policer-name action modifier of the same name. The action policer name is added to term. |
