In a firewall filter, you first define the address structure type (IPv4, IPv6, or MPLS) and then you define one or more terms that specify the filtering criteria and the action to take if a match occurs. Each term consists of two components:
The order of the terms within a firewall filter is significant. Packets are tested against the terms in the order in which they are listed in the configuration. At the first term whose match conditions are met, the action associated with that term is applied to the packet and the evaluation of the firewall filter ends, unless the next term action modifier is included. If the next term action is included, the matching packet is then evaluated against the next term in the firewall filter; otherwise, the matching packet is not evaluated against subsequent terms in the firewall filter.
If, after all terms are evaluated, a packet matches no terms in a filter, the packet is silently discarded.
If a packet arrives on an interface and a firewall filter is not configured for the incoming traffic on that interface, the packet is accepted by default.
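The evaluation rules above can be checked offline with a small model. This is an added example, not code from the manual or from the router software; the term names, field names (source, protocol, port), and packets are constructed for illustration, and the model treats a packet that matched only next term terms as discarded, which is an assumption.

```python
from ipaddress import ip_address, ip_network

def term_matches(match, packet):
    """A term matches only if every condition it lists is met; no conditions matches all."""
    for field, wanted in match.items():
        if field == "source":
            if ip_address(packet["source"]) not in ip_network(wanted):
                return False
        elif packet.get(field) != wanted:
            return False
    return True

def evaluate(filter_terms, packet):
    """Return (verdict, names of the terms that matched) for one packet."""
    if filter_terms is None:             # no filter configured on the interface
        return "accept", []
    matched = []
    for term in filter_terms:            # terms are tested in configuration order
        if not term_matches(term["from"], packet):
            continue
        matched.append(term["name"])
        if term["then"] == "next term":  # keep evaluating subsequent terms
            continue
        return term["then"], matched     # first terminating match ends evaluation
    return "discard", matched            # no term ended evaluation (model assumption
                                         # when only next-term terms matched)

# Constructed terms, using documentation address ranges.
COUNT_SSH = {"name": "count-ssh", "then": "next term",
             "from": {"protocol": "tcp", "port": 22}}
ALLOW_MGMT = {"name": "allow-mgmt-ssh", "then": "accept",
              "from": {"source": "192.0.2.0/24", "protocol": "tcp", "port": 22}}
DENY_SSH = {"name": "deny-ssh", "then": "discard",
            "from": {"protocol": "tcp", "port": 22}}

GOOD_ORDER = [COUNT_SSH, ALLOW_MGMT, DENY_SSH]
BAD_ORDER = [COUNT_SSH, DENY_SSH, ALLOW_MGMT]  # deny-ssh shadows allow-mgmt-ssh

# Constructed packets.
MGMT_SSH = {"source": "192.0.2.10", "protocol": "tcp", "port": 22}
OTHER_SSH = {"source": "198.51.100.7", "protocol": "tcp", "port": 22}
DNS_QUERY = {"source": "192.0.2.10", "protocol": "udp", "port": 53}

if __name__ == "__main__":
    for label, terms in (("good", GOOD_ORDER), ("bad", BAD_ORDER), ("none", None)):
        for pkt in (MGMT_SSH, OTHER_SSH, DNS_QUERY):
            print(label, pkt["source"], pkt["port"], evaluate(terms, pkt))
```

Swapping two terms is enough to lock management SSH out, which is why a filter review should trace each expected flow through the terms in order rather than check that an allowing term exists somewhere in the filter.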
Although policing, traffic sampling, and forwarding are configured as firewall filters, they are documented in separate parts of this manual. For information about policing, see Policer Configuration. For information about traffic sampling and forwarding, see Traffic Sampling and Forwarding Configuration.