Packet Filtering Features in the Junos OS

You can configure filters in the Junos OS that examine characteristics of incoming and outgoing packets, including the following:

• Bit fields in the packet header, including IP fragmentation flags, IP options, and TCP flags
• IP version 4 (IPv4) numeric range, including destination port, DiffServ code point (DSCP) value, fragment offset, Internet Control Message Protocol (ICMP) code, ICMP packet type, interface group, IP precedence, packet length, protocol, and TCP and UDP source and destination port
• IP version 6 (IPv6) numeric range, including CoS priority, destination address, destination port, ICMP code, ICMP packet type, interface group, IP address, next header, packet length, source address, source port, and TCP and UDP source and destination port
• Source and destination address and prefix list

You can configure filters to perform certain actions when packets match specified characteristics, including the following actions:

• Accept the packets
• Apply a policer
• Classify the packets based on their source address
• Discard the packets
• Evaluate the next term in the filter
• Increment a packet counter
• Reject the packets
• Sample the packets
• Set the packets’ loss priority
• Specify a forwarding class
• Specify an IPsec SA
• Specify the forwarding path that the packets follow within the router
• Write an alert or message to the system log

Related Topics

• Supported Packet Filtering Standards