show firewall

Syntax


                        
                           show firewall
                           <filter filter-name>
                           
                           <counter counter-name>
                           
                           <logical-system (logical-system-name | all)>

Release Information

Command introduced before JUNOS Release 7.4.

The logical-system option introduced in JUNOS Release 9.3.

Description

Display statistics about configured firewall filters.

Options

filter-name — (Optional) Name of a configured filter.

counter counter-name — (Optional) Name of a filter counter.

logical-system (logical-system-name | all) — (Optional) Perform this operation on all logical systems or on a particular system.

Required Privilege Level

view

List of Sample Output

show firewall filter
show firewall filter (Dynamic Input Filter)
show firewall (Logical Systems)

Output Fields

Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.

Table 1: show firewall Output Fields

Field Name	Field Description
Filter	Name of a filter that has been configured with the filter statement at the [edit firewall] hierarchy level. When an interface-specific filter is displayed, the name of the filter is followed by the full interface name and by either -i for an input filter, or -o for an output filter. When dynamic filters are displayed, the name of the filter is followed by the full interface name and by either -in for an input filter, or -out for an output filter. When a logical system-specific filter is displayed, the name of the filter is prefixed with two underscore (__) characters and the name of the logical system (for example, __ls1/filter1).
Counters	Display filter counter information: Name—Name of a filter counter that has been configured with the counter firewall filter action. Bytes—Number of bytes that match the filter term under which the counter action is specified. Packets—Number of packets that matched the filter term under which the counter action is specified.
Policers	Display policer information: Name—Name of policer. Packets—Number of packets that matched the filter term under which the policer action is specified. This is only the number of out-of-spec packet counts, not all packets policed by the policer.

Field Name

Field Description

Filter

Name of a filter that has been configured with the filter statement at the [edit firewall] hierarchy level.

When an interface-specific filter is displayed, the name of the filter is followed by the full interface name and by either -i for an input filter, or -o for an output filter.

When dynamic filters are displayed, the name of the filter is followed by the full interface name and by either -in for an input filter, or -out for an output filter. When a logical system-specific filter is displayed, the name of the filter is prefixed with two underscore (__) characters and the name of the logical system (for example, __ls1/filter1).

Counters

Display filter counter information:

Name—Name of a filter counter that has been configured with the counter firewall filter action.
Bytes—Number of bytes that match the filter term under which the counter action is specified.
Packets—Number of packets that matched the filter term under which the counter action is specified.

Policers

Display policer information:

Name—Name of policer.
Packets—Number of packets that matched the filter term under which the policer action is specified. This is only the number of out-of-spec packet counts, not all packets policed by the policer.

Sample Output

show firewall filter

user@host> show firewall filter test

Filter: test                                                   
Counters:
Name                            Bytes             Packets
Counter-1                           0                   0
Counter-2                           0                   0
Policers:
Name                                              Packets
Policer-1                                               0

show firewall filter (Dynamic Input Filter)

user@host> show firewall filter dfwd-ge-5/0/0.1-in

Filter: dfwd-ge-5/0/0.1-in                                     
Counters:
Name                                                Bytes              Packets
c1-ge-5/0/0.1-in                                        0                    0

show firewall (Logical Systems)

user@host>show firewall

Filter: __lr1/test                                            
Counters:
Name                                                Bytes              Packets
icmp                                                  420                    5
Filter: __default_bpdu_filter__                                
Filter: __lr1/inet_filter1                                    
Counters:
Name                                                Bytes              Packets
inet_tcp_count                                          0                    0
inet_udp_count                                          0                    0
Filter: __lr1/inet_filter2                                    
Counters:
Name                                                Bytes              Packets
inet_icmp_count                                         0                    0
inet_pim_count                                          0                    0
Filter: __lr2/inet_filter1                                    
Counters:
Name                                                Bytes              Packets
inet_tcp_count                                          0                    0
inet_udp_count                                          0                    0