This example shows you how to configure a fast update filter that is an input filter that counts the HTTP and non-HTTP packets from a subscriber. In the example, you use the firewall stanza to create the filter and the interfaces stanza to attach the filter.
- [edit dynamic-profiles myProfile]
- firewall {
-
- family inet {
-
- fast-update-filter httpFilter {
- interface-specific;
- match-order [source-address protocol destination-port];
-
- term term1 {
-
- from {
- protocol tcp;
- source-address $junos-subscriber-ip-address;
- destination-port http;
- }
-
- then {
- count http-cnt;
- }
- }
-
- term term2 {
-
- from {
- protocol tcp;
- source-address $junos-subscriber-ip-address;
- }
-
- then {
- count non-http-cnt;
- }
- }
- }
- }
- }
- interfaces {
-
- "$junos-interface-ifd-name" {
-
- unit "$junos-underlying-interface-unit" {
-
- family inet {
-
- filter {
- input httpFilter;
- }
- }
- }
- }
- }