Configuring Service Filters
A service filter identifies the packets on which one or more services are to be applied, and which PIC performs the service. To configure service filters, include the service-filter statement at the [edit firewall family (inet | inet6)] hierarchy level:

    [edit firewall family (inet | inet6)]
    service-filter filter-name {
        term term-name {
            from {
                match-conditions;
            }
            then {
                action;
                action-modifiers;
            }
        }
    }

Note: You must specify either inet or inet6 as the protocol family in order to configure a service filter.
Service filters are configured the same way as firewall filters. A subset of the match conditions and actions for firewall filters is supported for service filters.
One of the actions you configure must be service or skip:
- Specifying the service action directs packets for stateful-firewall service.
- Specifying the skip action lets packets bypass stateful-firewall service.
The following actions are also supported for service filters:
- count counter-name—Count the packet in the specified counter.
- log—Log the packet header information in a buffer within the Packet Forwarding Engine. You can access this information by issuing the show firewall log command.
- port-mirror—Send packets to a packet analyzer.
- sample—Sample the packets.
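The following is an added example, not taken from the Junos documentation: an IPv4 service filter whose first term lets traffic from one prefix bypass the stateful-firewall service and whose second term sends all remaining traffic to it, counting and logging what is serviced. The filter, term and counter names and the 192.0.2.0/24 prefix are constructed for illustration.

```junos
firewall {
    family inet {
        service-filter sf-example {
            /* Term 1: packets from the constructed prefix bypass the service. */
            term bypass-mgmt {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    count sf-skipped;
                    skip;
                }
            }
            /* Term 2: no from clause, so every remaining packet matches. */
            term service-rest {
                then {
                    count sf-serviced;
                    log;
                    service;
                }
            }
        }
    }
}
```

Terms are evaluated in order, so the skip term must precede the catch-all service term; the two counters make it possible to confirm how much traffic is bypassing the stateful firewall and how much is being inspected.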
For more information about services and service interfaces, see the Junos Services Interfaces Configuration Guide.

