To configure stateful firewall services, include the stateful-firewall statements at the [edit services] hierarchy level:
- stateful-firewall {
-
-
rule rule-name {
-
match-direction (input | output | input-output);
-
-
term term-name {
-
-
from {
-
applications [ application-names ];
-
application-sets [ set-names ];
-
destination-address (address | any-unicast) <except>;
-
destination-address-range low minimum-value high maximum-value <except>;
-
destination-prefix-list list-name <except>;
-
source-address (address | any-unicast) <except>;
-
source-address-range low minimum-value high maximum-value <except>;
-
source-prefix-list list-name <except>;
- }
-
-
then {
- (accept | discard | reject);
-
allow-ip-option [ values ];
-
syslog;
- }
- }
- }
-
-
rule-set rule-set-name {
- [ rule rule-names ];
- }
- }
This chapter contains the following sections: