flow (Security Flow)

Syntax

flow {aging {early-ageout seconds ;high-watermark percent ;low-watermark percent ;}allow-dns-reply;bridge {block-non-ip-all;bypass-non-ip-unicast;no-packet-flooding {no-trace-route;}}route-change-timeout seconds ;syn-flood-protection-mode (syn-cookie | syn-proxy);tcp-mss {all-tcp {mss value ;}gre-in {mss value ;}gre-out {mss value ;}ipsec-vpn {mss value ;}}tcp-session {no-sequence-check;no-syn-check;no-syn-check-in-tunnel;rst-invalidate-session;rst-sequence-check;tcp-initial-timeout seconds ;}traceoptions {file filename <files number > <size maximum-file-size >;<world-readable | no-world-readable>;flag flag; }}

Hierarchy Level

[edit security]

Release Information

Statement modified in Release 9.5 of Junos OS.

Description

Determine how the device manages packet flow. The device can regulate packet flow in the following ways:

Enable or disable DNS replies when there is no matching DNS request.
Set the initial session-timeout values.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.