Example: Configuring Fast Update Filters for Subscriber Access

This example shows you how to configure a fast update filter that is an input filter that counts the HTTP and non-HTTP packets from a subscriber. In the example, you use the firewall stanza to create the filter and the interfaces stanza to attach the filter.

[edit dynamic-profiles myProfile]firewall {family inet {fast-update-filter httpFilter {interface-specific;match-order [source-address protocol destination-port];term term1 {from {protocol tcp;source-address $junos-subscriber-ip-address;destination-port http;}then {count http-cnt;}}term term2 {from {protocol tcp;source-address $junos-subscriber-ip-address;}then {count non-http-cnt;}}}}}interfaces {"$junos-interface-ifd-name" {unit "$junos-underlying-interface-unit" {family inet {filter {input httpFilter;}}}}}

Published: 2010-04-15