[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Example: Counting IP Option Packets
Count individual IP option packets, but do not
block any traffic. Also, log packets that have loose or strict source
routing:
- [edit]
- firewall {
-
- family inet {
-
- filter ip-option-filter {
-
- term match-strictsource {
-
- from {
- ip-options strict-source-route;
- }
-
- then {
- count strict-source-route;
- log;
- accept;
- }
- }
-
- term match-loose-source {
-
- from {
- ip-options loose-source-route;
- }
-
- then {
- count loose-source-route;
- log;
- accept;
- }
- }
-
- term match-record {
-
- from {
- ip-options record-route;
- }
-
- then {
- count record-route;
- accept;
- }
- }
-
- term match-timestamp {
-
- from {
- ip-options timestamp;
- }
-
- then {
- count timestamp;
- accept;
- }
- }
-
- term match-router-alert {
-
- from {
- ip-options router-alert;
- }
-
- then {
- count router-alert;
- accept;
- }
- }
-
- term match-all {
- then accept;
- }
- }
- }
- }
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
