[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring Stateful Firewall Rule Content

To configure a stateful firewall rule, include the rule rule-name statement at the [edit services stateful-firewall] hierarchy level:




rule rule-name {

match-direction (input | output | input-output);



term term-name {



from {

applications [ application-names ];

application-sets [ set-names ];

destination-address address <except>;

destination-address-range low minimum-value high maximum-value 

     <except>;

destination-prefix-list list-name <except>;

source-address address <except>;

source-address-range low minimum-value high maximum-value<except>;

source-prefix-list list-name <except>;
}





then {
(accept | discard | reject);

allow-ip-option [ values ];

syslog;
}


}


}

Each stateful firewall rule consists of a set of terms, similar to a filter configured at the [edit firewall] hierarchy level. A term consists of the following:

from statement—Specifies the match conditions and applications that are included and excluded.
then statement—Specifies the actions and action modifiers to be performed by the router software.

The following sections describe stateful firewall rule content in more detail:

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]