

Usage

<configuration>
    <logical-systems>
        <firewall>
            <family>
                <ethernet-switching>
                    <filter>
                        <term>
                            <from>
                                <interface>...</interface>
                                <source-mac-address>...</source-mac-address>
                                <destination-mac-address>...</destination-mac-address>
                                <ether-type>...</ether-type>
                                <ether-type-except>...</ether-type-except>
                                <vlan>...</vlan>
                                <vlan-except>...</vlan-except>
                                <dot1q-tag>...</dot1q-tag>
                                <dot1q-tag-except>...</dot1q-tag-except>
                                <dot1q-user-priority>...</dot1q-user-priority>
                                <dot1q-user-priority-except>...</dot1q-user-priority-except>
                                <address>...</address>
                                <source-address>...</source-address>
                                <destination-address>...</destination-address>
                                <dscp>...</dscp>
                                <dscp-except>...</dscp-except>
                                <precedence>...</precedence>
                                <precedence-except>...</precedence-except>
                                <ip-options>...</ip-options>
                                <ip-options-except>...</ip-options-except>
                                <fragment-flags>fragment-flags</fragment-flags>
                                <is-fragment/>
                                <protocol>...</protocol>
                                <protocol-except>...</protocol-except>
                                <source-port>...</source-port>
                                <source-port-except>...</source-port-except>
                                <destination-port>...</destination-port>
                                <destination-port-except>...</destination-port-except>
                                <port>...</port>
                                <port-except>...</port-except>
                                <tcp-flags>tcp-flags</tcp-flags>
                                <tcp-initial/>
                                <tcp-established/>
                                <icmp-type>...</icmp-type>
                                <icmp-type-except>...</icmp-type-except>
                                <icmp-code>...</icmp-code>
                                <icmp-code-except>...</icmp-code-except>
                            </from>
                        </term>
                    </filter>
                </ethernet-switching>
            </family>
        </firewall>
    </logical-systems>
</configuration>

Description

Define match criteria.

Contents

<address>—Match IP source or destination address.

<destination-address>—Match IP destination address.

<destination-mac-address>—Match MAC destination address.

<destination-port>—Match TCP/UDP destination port.

<destination-port-except>—Do not match TCP/UDP destination port.

<dot1q-tag>—Match Dot1Q tag value.

<dot1q-tag-except>—Do not match Dot1Q tag value.

<dot1q-user-priority>—Match Dot1Q user priority.

<dot1q-user-priority-except>—Do not match Dot1Q user priority.

<dscp>—Match Differentiated Services (DiffServ) code point.

<dscp-except>—Do not match Differentiated Services (DiffServ) code point.

<ether-type>—Match Ethernet Type.

<ether-type-except>—Do not match Ethernet Type.

<fragment-flags>—Match fragment flags (in symbolic or hex format; ingress only).

<icmp-code>—Match ICMP message code.

<icmp-code-except>—Do not match ICMP message code.

<icmp-type>—Match ICMP message type.

<icmp-type-except>—Do not match ICMP message type.

<interface>—Match interface name.

<ip-options>—Match IP options.

<ip-options-except>—Do not match IP options.

<is-fragment>—Match if packet is a fragment.

<port>—Match TCP/UDP source or destination port.

<port-except>—Do not match TCP/UDP source or destination port.

<precedence>—Match IP precedence value.

<precedence-except>—Do not match IP precedence value.

<protocol>—Match IP protocol type.

<protocol-except>—Do not match IP protocol type.

<source-address>—Match IP source address.

<source-mac-address>—Match MAC source address.

<source-port>—Match TCP/UDP source port.

<source-port-except>—Do not match TCP/UDP source port.

<tcp-established>—Match packet of an established TCP connection.

<tcp-flags>—Match TCP flags (in symbolic or hex format; ingress only).

<tcp-initial>—Match initial packet of a TCP connection (ingress only).

<vlan>—Match VLAN ID or name.

<vlan-except>—Do not match VLAN ID or name.

