Technical Documentation

Dynamically Attaching Statically Created Filters for a Specific Interface Family Type

You can dynamically attach statically created filters for either IPv4 (inet) or IPv6 (inet6) interface types. These filters would apply only to interfaces of the specified type.

Before you can attach a statically created filter using a dynamic profile.

  1. Create the filters you want to attach.

    See the JUNOS Policy Framework Configuration Guide for detailed information about classic firewall filters and how to create them. See Configuring Fast Update Filters for information about creating fast update filters.

  2. Create a basic dynamic profile.

    See Configuring a Basic Dynamic Profile.

To dynamically attach statically created input and output filters:

  1. Specify the unit family type you want to use when dynamically attaching the filters.
    1. For IPv4 interfaces, specify the inet unit family.
      [edit dynamic-profiles access-profile interfaces ge-1/1/1 unit 1] user@host# set family inet
    2. For IPv6 interfaces, specify the inet6 unit family.
      [edit dynamic-profiles access-profile interfaces ge-1/1/1 unit 1] user@host# set family inet6
  2. Specify the input filter in the dynamic profile.
    [edit dynamic-profiles access-profile interfaces ge-1/1/1 unit 1 family inet] user@host# set filter input static-input-filter
  3. Specify the output filter in the dynamic profile.

    Note: The following example specifies an optional precedence value for the output filter.

    [edit dynamic-profiles access-profile interfaces ge-1/1/1 unit 1 family inet] user@host# set filter output static-output-filter precedence 50

Published: 2010-04-15