 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
When applying a firewall filter, you can define an interface to be part of an interface group. Packets received on that interface are tagged as being part of the group. You then can match these packets using the interface-group match statement, as described in Table 29.
To define an interface to be part of an interface group, include the group statement at the [edit interfaces interface-name unit logical-unit-number family family-name filter] hierarchy level:
- [edit interfaces interface-name unit logical-unit-number family filter]
- group group-number;
- input filter-name;
- output filter-name;
In the group statement, specify the interface group number to be associated with the filter.
In the input statement, list the name of one firewall filter to be evaluated when packets are received on the interface.
In the output statement, list the name of one firewall filter to be evaluated when packets are transmitted on the interface.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |