Technical Documentation

Example: Counting IP Option Packets

Count individual IP option packets, but do not block any traffic. Also, log packets that have loose or strict source routing:

[edit]firewall {family inet {filter ip-option-filter {term match-strictsource {from {ip-options strict-source-route;}then {count strict-source-route;log;accept;}}term match-loose-source {from {ip-options loose-source-route;}then {count loose-source-route;log;accept;}}term match-record {from {ip-options record-route;}then {count record-route;accept;}}term match-timestamp {from {ip-options timestamp;}then {count timestamp;accept;}}term match-router-alert {from {ip-options router-alert;}then {count router-alert;accept;}}term match-all {then accept;}}}}

Published: 2010-04-15