Defining Dynamic Filter Processing Order
You can force filter processing to occur in a particular order by using the precedence statement. You specify a precedence for input and output filters within a dynamic profile at the [edit dynamic-profiles profile-name interfaces (interface-name | demux0) unit logical-unit-number family family] hierarchy level.
The precedence range is 0 through 250. A lower precedence value gives a filter a higher precedence within the dynamic profile. Zero is the default and the highest precedence: a filter with no precedence specified receives a precedence of zero. Filters with matching precedence (zero or otherwise) are applied in random order.
Before you define a precedence for a filter in a dynamic profile:
- Create the filters you want to attach to the dynamic profile.
See the Junos Policy Framework Configuration Guide for detailed information about firewall filters and how to create them.
- Create a basic dynamic profile.
- Attach the filters to the dynamic profile.
See Dynamically Attaching Statically Created Filters for Any Interface Type, Dynamically Attaching Statically Created Filters for a Specific Interface Family Type, or Dynamically Attaching Filters Using RADIUS Variables.
To define a precedence for an input and output filter:
- Specify the input filter precedence in the dynamic profile.
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family]
user@host# set filter input precedence 50
- Specify the output filter precedence in the dynamic profile.
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family]
user@host# set filter output precedence 5
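The precedence rules above mean that filters left at the default, or given the same value, have no guaranteed order, which matters when one filter's terms depend on another having run first. The following Python sketch is an added example, not Juniper code: it models those rules and reports the groups whose order is not deterministic. The filter names and the (name, precedence) input format are hypothetical, and it assumes all listed filters apply in the same direction.

```python
# Added illustration: models the precedence rules stated on this page.
# Filter names and the input format are hypothetical, not Junos syntax.
from collections import defaultdict

PRECEDENCE_MIN, PRECEDENCE_MAX = 0, 250
DEFAULT_PRECEDENCE = 0  # a filter with no precedence specified receives zero


def evaluation_plan(filters):
    """Group filters by effective precedence, lowest value (highest precedence) first.

    filters: iterable of (name, precedence or None).
    Returns a list of (precedence, [names]). Names that share a precedence
    have no guaranteed relative order; they are sorted here only for display.
    """
    groups = defaultdict(list)
    for name, precedence in filters:
        value = DEFAULT_PRECEDENCE if precedence is None else precedence
        if not PRECEDENCE_MIN <= value <= PRECEDENCE_MAX:
            raise ValueError(f"{name}: precedence {value} is outside 0-250")
        groups[value].append(name)
    return [(p, sorted(groups[p])) for p in sorted(groups)]


def ambiguous_groups(filters):
    """Return only the precedence groups whose internal order is random."""
    return [(p, names) for p, names in evaluation_plan(filters) if len(names) > 1]


# Constructed sample: two filters with explicit precedence values and two
# left unset, which both default to 0 and therefore tie.
SAMPLE = [
    ("subscriber-in", 50),
    ("service-a-in", 5),
    ("antispoof-in", None),
    ("rate-limit-in", None),
]

if __name__ == "__main__":
    for precedence, names in evaluation_plan(SAMPLE):
        note = "  <-- order among these is random" if len(names) > 1 else ""
        print(f"precedence {precedence:3d}: {', '.join(names)}{note}")
```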
Related Topics
- Classic Filters Overview
- For information about firewall filters, see the Junos Policy Framework Configuration Guide
