
Example: Counting Both Accepted and Rejected Packets

Reject all addresses except 192.168.5.0/24. In the first term, the statement 192.168.5.2/24 except causes this address to be considered a mismatch, and this address is passed to the next term in the filter. The address 0.0.0.0/0 in the first term matches all other packets, and these are counted, logged, and rejected. In the second term, all packets that passed through the first term (that is, packets whose address matches 192.168.5.2/24) are counted, logged, and accepted.

[edit]
firewall {
    family inet {
        filter fire1 {
            term 1 {
                from {
                    address {
                        192.168.5.0/24 except;
                        0.0.0.0/0;
                    }
                }
                then {
                    count reject-pref1-1;
                    log;
                    reject;
                }
            }
            term 2 {
                then {
                    count reject-pref1-2;
                    log;
                    accept;
                }
            }
        }
    }
}
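The term evaluation described above, modelled in Python as an added example (not Juniper code and not part of the original page). It assumes the filter is checked against a single packet address and that the longest matching prefix in a term's address list decides the match; the names FIRE1, term_matches, evaluate and run, and the sample addresses, are hypothetical.

```python
import ipaddress

# Model of filter fire1 from the configuration above (names are hypothetical).
# Each term lists (prefix, is_except) entries; an empty list matches all packets.
FIRE1 = [
    {"name": "1",
     "address": [("192.168.5.0/24", True), ("0.0.0.0/0", False)],
     "counter": "reject-pref1-1", "action": "reject"},
    {"name": "2", "address": [],
     "counter": "reject-pref1-2", "action": "accept"},
]

def term_matches(term, addr):
    """Assumption: the longest matching prefix decides; 'except' means mismatch."""
    if not term["address"]:
        return True  # a term with no 'from' clause matches every packet
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, is_except in term["address"]:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, is_except)
    return best is not None and not best[1]

def evaluate(filter_terms, addr, counters):
    """Walk the terms in order; the first matching term counts and decides."""
    for term in filter_terms:
        if term_matches(term, addr):
            counters[term["counter"]] = counters.get(term["counter"], 0) + 1
            return term["action"]
    return "discard"  # implicit default when no term matches

def run(addresses):
    """Return per-address verdicts and the resulting counter values."""
    counters = {}
    verdicts = {a: evaluate(FIRE1, a, counters) for a in addresses}
    return verdicts, counters

# Constructed sample addresses, two inside 192.168.5.0/24 and two outside.
SAMPLE = ["192.168.5.2", "192.168.5.200", "10.1.1.1", "192.168.6.1"]

if __name__ == "__main__":
    verdicts, counters = run(SAMPLE)
    for addr, verdict in verdicts.items():
        print(f"{addr:15} {verdict}")
    print(counters)
```

Swapping the order of the two terms in FIRE1 makes every packet hit the accept term first, which is why the except entry has to sit in the rejecting term.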

Published: 2010-04-15
