 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
Create a filter that contains an interface group:
- [edit firewall]
- family inet {
-
- filter if-group {
-
- term group1 {
-
- from {
- interface-group 1;
-
- address {
- 192.168.80.114/32;
- }
- protocol tcp;
- port finger;
- }
-
- then {
- count if-group-counter1;
- log;
- reject;
- }
- }
-
- term group-2 {
-
- then {
- count if-group-counter2;
- log;
- accept;
- }
- }
- }
- }
Assign one or more interfaces to the interface group referenced in the filter:
- [edit interfaces]
- fxp0 {
-
- unit 0 {
-
- family inet {
-
- filter {
- group 1;
- }
- address 192.168.5.38/24;
- }
- }
- }
Apply the filter that contains an interface group:
- [edit interfaces]
- lo0 {
-
- unit 0 {
-
- family inet {
-
- filter {
- input if-group;
- group 1;
- }
- address 10.0.0.1/32;
- address 192.168.77.1/32;
- }
- }
- }
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |