[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Simple Filters

Simple filters are used to support Ethernet IQ2 PICs. A simple filter is a subset of a firewall filter with the following limitations:

The next-term action is not supported.
The except and protocol-except match conditions are not supported.
Non-contiguous masks are not supported.
Only one source-address and destination-address prefix are allowed for each filter term.

To configure simple filters, include the simple-filter statement at the [edit firewall family inet] hierarchy level:



[edit firewall family inet]

simple-filter filter-name {


term term-name {


from {

match-conditions;
}




then {

action; 

action-modifiers; 
}


}


}

For more information about Ethernet IQ2 PICs and related features, see the JUNOS Services Interfaces Configuration Guide and the JUNOS Class of Service Configuration Guide.

Example: Configuring a Simple Filter

Configure a simple filter to support Ethernet IQ2 PICs:



[edit]
firewall {


family inet {


simple-filter sf-1 {


term 1 {


from {
source-address 172.16.0.0/16;
destination-address 20.16.0.0/16;
source-port 1024-9071;
}




then {
forwarding-class fc-be1;
loss-priority high;
accept;
}


}




term 2 {


from {
source-address 173.16.0.0/16;
destination-address 21.16.0.0/16;
}




then {
forwarding-class fc-ef1;
loss-priority low;
accept;
}


}


}


}


}

[Contents] [Prev] [Next] [Index] [Report an Error]