Firewall Filter Configuration

This chapter describes the following tasks for configuring firewall filters:

• Configuring Firewall Filters
• Configuring Standard Firewall Filters
• How Firewall Filters Are Evaluated
• Overview of Match Conditions in Firewall Filter Terms
• Configuring IPv4 Match Conditions
• Configuring IPv6 Match Conditions
• Configuring Protocol-Independent Match Conditions
• Configuring Layer 2 Circuit Cross-Connect Match Conditions
• Configuring MPLS Match Conditions
• Configuring VPLS Match Conditions
• Configuring Layer 2 Bridging Match Conditions for MX Series Ethernet Services Routers
• Overview of Protocol Match Conditions
• Example: Matching on Destination Port and Protocol Fields
• Overview of Class-Based Match Conditions
• How to Specify Firewall Filter Match Conditions
• Configuring Actions in Firewall Filter Terms
• Configuring Nested Firewall Filters
• Applying Firewall Filters to Interfaces
• Overview of Firewall Filter Lists
• Firewall Filter Examples
• Example: Blocking Telnet and SSH Access
• Example: Blocking TFTP Access
• Example: Accepting DHCP Packets with Specific Addresses
• Example: Defining a Policer for a Destination Class
• Example: Counting IP Option Packets
• Example: Counting and Discarding IP Options Packets
• Example: Accepting OSPF Packets from Certain Addresses
• Example: Matching Packets Based on Two Unrelated Criteria
• Example: Counting Both Accepted and Rejected Packets
• Example: Blocking TCP Connections to a Certain Port Except from BGP Peers
• Example: Accepting Packets with Specific IPv6 TCP Flags
• Example: Setting a Rate Limit for Incoming Layer 2 Control Packets
• Configuring Service Filters
• Configuring Simple Filters
• Configuring Firewall Filters for Logical Systems
• Configuring Accounting for Firewall Filters
• Configuring Filter-Based Forwarding
• Configuring Forwarding Table Filters
• Configuring System Logging of Firewall Filter Operations