 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
By default, firewall filtering is not supported for packets that are less than 5 bytes in length. To filter packets less than 5 bytes in length, include an additional term to match the packet size.
For example, consider the following filter term:
- term 1 {
-
- from {
- fragment-offset-except 0;
- }
-
- then {
- reject;
- }
- }
To consider packets of 1 through 4 bytes in length, include an additional term that matches the packet size:
- term 2 {
-
- from {
- packet-length [ 21 - 24 ];
- }
-
- then {
- reject;
- }
- }
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |