Firewall Filter Configuration Statements Supported by JUNOS Software for EX-series Switches
You configure firewall filters to filter packets based on their components and to perform an action on packets that match the filter.
Table 1 lists the options that are supported for the firewall statement in JUNOS software for EX-series switches.
Table 1: Supported Options for Firewall Filter Statements
| Statement and Option | Description |
|---|---|
| | The family-name option specifies the version or type of addressing protocol: |
| | The filter-name option identifies the filter. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the name in quotation marks (" "). |
| | The interface-specific option configures unique names for individual firewall counters specific to each interface. |
| | The term-name option identifies the term. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the entire name in quotation marks (" "). Each term name must be unique within a filter. |
| | The from statement is optional. If you omit it, all packets are considered to match. |
| | For information about the action and action-modifiers options, see Firewall Filter Match Conditions and Actions for EX-series Switches. |
| | The policer-name option identifies the policer. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the name in quotation marks (" "). |
| | The filter-specific option configures policers and counters for a specific filter name. |
| | The bandwidth-limit bps option specifies the traffic rate in bits per second (bps). You can specify bps as a decimal value or as a decimal number followed by one of the following abbreviations:<br>Range: 1000 (1k) through 102,300,000,000 (102.3g) bps<br>The burst-size-limit bytes option specifies the maximum allowed burst size to control the amount of traffic bursting. To determine the value for the burst-size limit, you can multiply the bandwidth of the interface on which the filter is applied by the amount of time to allow a burst of traffic at that bandwidth to occur:<br>You can specify a decimal value or a decimal number followed by k (thousand) or m (million).<br>Range: 1 through 2,147,450,880 bytes |
| | Use the policer-action option to specify discard to discard traffic that exceeds the rate limits. |
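
The limits in Table 1 can be checked before a policer is committed. The following Python sketch is an added example, not part of the JUNOS documentation: it validates a policer name, bandwidth-limit, and burst-size-limit against the ranges above and derives a burst size from interface bandwidth and burst time. The function names are hypothetical, the g suffix is read from the "102.3g" range value, and the division by 8 is an assumed bits-to-bytes conversion.

```python
import re
from decimal import Decimal

# Suffix multipliers: k and m are stated in Table 1 for burst-size-limit;
# g is inferred from the "102,300,000,000 (102.3g)" range value.
MULT = {"": 1, "k": 10**3, "m": 10**6, "g": 10**9}
BW_RANGE = (1000, 102_300_000_000)   # bandwidth-limit, in bps
BURST_RANGE = (1, 2_147_450_880)     # burst-size-limit, in bytes
# Letters, numbers, hyphens, up to 64 characters; a name containing spaces
# is accepted here but must be enclosed in quotation marks in the config.
NAME_RE = re.compile(r"[A-Za-z0-9 -]{1,64}")


def parse_value(text, suffixes="kmg"):
    """Convert '10m' or '102.3g' to an integer; raise ValueError if malformed."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([kmg]?)", text.strip())
    if not m or m.group(2) not in suffixes:
        raise ValueError(f"bad value {text!r}")
    value = Decimal(m.group(1)) * MULT[m.group(2)]
    if value != value.to_integral_value():
        raise ValueError(f"{text!r} is not a whole number")
    return int(value)


def suggested_burst_bytes(interface_bps, burst_ms):
    """Interface bandwidth multiplied by the allowed burst time."""
    # Assumption: bps x seconds gives bits, so divide by 8 to get bytes.
    return interface_bps * burst_ms // 8000


def check_policer(name, bandwidth_limit, burst_size_limit):
    """Return a list of problems; an empty list means the values fit Table 1."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("policer-name: letters, numbers, hyphens; max 64 chars")
    for label, text, suffixes, (low, high) in (
        ("bandwidth-limit", bandwidth_limit, "kmg", BW_RANGE),
        ("burst-size-limit", burst_size_limit, "km", BURST_RANGE),
    ):
        try:
            value = parse_value(text, suffixes)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if not low <= value <= high:
            problems.append(f"{label}: {value} outside {low}..{high}")
    return problems
```
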
JUNOS software for EX-series switches does not support some of the firewall filter statements that are supported by other JUNOS software packages. Table 2 shows the firewall filter statements that are not supported by JUNOS Software for EX-series switches.
Table 2: Firewall Filter Statements That Are Not Supported by JUNOS Software for EX-series Switches
| Statements not supported | Statement hierarchy level |
|---|---|
