show firewall
Syntax
show firewall <application (cfm | eswd | rmps)>> <counter counter-name> <filter (filter-name| regex regular-expression | version filter (filter-name)>> |<log <(detail | interface regex | version interface-namefilter-name)>> <log <(detail | interface interface-name )>> <prefix-action-stats filter filter-name prefix-action (prefix-action-name | prefix-action-name-term-name) <from number to number filter >> <logicalfilter-name prefix-action (prefix-action-nameprefix-action-name-term-name | all) <from number to number>> <logical-system (logical-system-name | all)> < detail | terse>
Description
Display statistics about configured firewall filters.
If you query for options on the show firewall filter
command, on Junos OS systems, you will see this output, which includes the configured Flowspec filters:
show firewall filter ? Possible completions: <filtername> Filter name __flowspec_default_inet__ # Flowspec filter name application Owner application counter Counter name logical-system Name of logical system, or 'all' regex Show filter using regular expression version Show filter version installed
However, on Junos OS Evolved systems, the Flowspec filters names are not shown here. To view Flowspec filters, use the show firewall application routing
command.
Options
none | (Optional) Display statistics and counters for all configured firewall filters and counters. For EX Series switches, this command also displays statistics about all configured policers. |
application (cfm | eswd | rmps | (Optional) Show firewall elements owned by the selected software component:
|
counter counter-name | (Optional) Name of a filter counter. |
detail | (EX Series switches and MX Series routers only) (Optional) Display firewall filter statistics and enhanced policer statistics and counters. |
filter filter-name | (Optional) Name of a configured filter. |
filter regex regular-expression | (Optional) Regular expression that matches the names of a subset of filters. |
logical-system (all | logical-system-name) | (Optional) Perform this operation on all logical systems or on a particular logical system. |
log | (Optional) Display log entries for firewall filters. |
log <(detail | interface interface-name)> | (EX Series switches only) (Optional) Display detailed log entries of firewall activity or log information about a specific interface. |
policer counters <(detail | counter-id counter-index <detail>)> | (EX8200 switches only) (Optional) Display enhanced policer counter statistics in brief or in detail. |
prefix-action-stats | (Optional) Display prefix action statistics for firewall filters. |
terse | (Optional) Display firewall filter names only. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show firewall
command. Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
---|---|
|
Name of a filter that has been configured with the Except on EX Series switches:
|
|
Display filter counter information:
Note:
On M and T Series routers, firewall filters cannot count |
|
Display policer information:
|
|
(EX8200 switch only) Global management counter ID. The counter ID value (counter-index) can be 0, 1, or 2. |
|
(EX8200 switch only) Number of packets within the limits. The number of packets is smaller than the committed information rate (CIR). |
|
(EX8200 switch only) Number of packets partially within the limits. The number of packets is greater than the CIR, but the burst size is within the excess burst size (EBS) limit. |
|
(EX8200 switch only) Number of discarded packets. |
|
(EX8200 switch only) Number of green, yellow, red, or discarded packets in bytes. |
|
(EX8200 switch only) Number of green, yellow, red, or discarded packets. |
|
(EX8200 switch only) Name of the filter with a term associated to a policer. |
|
(EX8200 switch only) Name of the term associated with a policer. |
|
(EX8200 switch only) Name of the policer that is associated with a global management counter. |
P1-t1 |
|
|
Filter action:
|
|
Interface on which the firewall filter is applied. |
|
Name of the packet protocol. |
|
Length of the packet. |
|
Source address of the packet. |
|
Destination address of the packet. |
Sample Output
- show firewall
- show firewall filter (MX Series Router and EX Series Switch)
- show firewall filter (non MX Series Router and EX Series Switch)
- command-name
- show firewall filter (Dynamic Input Filter)
- show firewall (counter counter-name)
- show firewall log
- show firewall policer counters (EX8200 Switch)
- show firewall policer counters (detail) (EX8200 Switch)
- show firewall policer counters (counter-id counter-index) (EX8200 Switch)
- show firewall policer counters (counter-id counter-index detail) (EX8200 Switch)
- show firewall detail
- show firewall application cfm (Junos OS Evolved)
show firewall
user@host> show firewall Filter: ef_path Counters: Name Bytes Packets def-count 0 0 video-count 0 0 voice-count 0 0 Filter: __default_bpdu_filter__ Filter: deep Counters: Name Bytes Packets deep2 302076 5031 Filter: deep-flood Counters: Name Bytes Packets deep_flood_def 302136 5032 deep1 0 0 Policers: Name Packets deep-pol-op-first 0
show firewall filter (MX Series Router and EX Series Switch)
user@host> show firewall filter test Filter: test Counters: Name Bytes Packets Counter-1 0 0 Counter-2 0 0 Policers: Name Bytes Packets Policer-1 2770 70
show firewall filter (non MX Series Router and EX Series Switch)
user@host> show firewall filter test Filter: test Counters: Name Bytes Packets Counter-1 0 0 Counter-2 0 0 Policers: Name Bytes Packets Policer-1 70
command-name
show firewall filter (Dynamic Input Filter)
user@host> show firewall filter dfwd-ge-5/0/0.1-in Filter: dfwd-ge-5/0/0.1-in Counters: Name Bytes Packets c1-ge-5/0/0.1-in 0 0
show firewall (counter counter-name)
user@host> show firewall counter icmp-counter Filter: ingress-port-voip-class-filter Counters: Name Bytes Packets icmp-counter 0 0
show firewall log
user@host> show firewall log Log : Time Filter Action Interface Protocol Src Addr Dest Addr 08:00:53 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:52 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:51 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:50 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:49 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:48 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4 08:00:47 pfe R ge-1/0/1.0 ICMP 192.168.3.5 192.168.3.4
show firewall policer counters (EX8200 Switch)
user@switch> show firewall policer counters Policer Counter Index 0: Bytes Packets Green: 73 15914 Yellow: 9 1962 Discard: 119 25942 Policer Counter Index 1: Bytes Packets Green: 0 0 Yellow: 0 0 Discard: 0 0 Policer Counter Index 2: Bytes Packets Green: 0 0 Yellow: 0 0 Discard: 0 0
show firewall policer counters (detail) (EX8200 Switch)
user@switch> show firewall policer counters detail Policer Counter Index 0: Bytes Packets Green: 73 15914 Yellow: 9 1962 Discard: 119 25942 Filter name Term name Policer name myfilter polcr-term-1 myfilter-polcr-1 inet-filter-ae ae-snmp policer-1 inet-filter-ae ae-ssh policer-2 Policer Counter Index 1: Bytes Packets Green: 0 0 Yellow: 0 0 Discard: 0 0 Filter name Term name Policer name Policer Counter Index 2: Bytes Packets Green: 0 0 Yellow: 0 0 Discard: 0 0 Filter name Term name Policer name
show firewall policer counters (counter-id counter-index) (EX8200 Switch)
user@switch> show firewall policer counters counter-id 0 Policer Counter Index 0: Bytes Packets Green: 73 15914 Yellow: 9 1962 Discard: 119 25942
show firewall policer counters (counter-id counter-index detail) (EX8200 Switch)
user@switch> show firewall policer counters counter-id 0 detail Policer Counter Index 0: Bytes Packets Green: 73 15914 Yellow: 9 1962 Discard: 119 25942 Filter name Term name Policer name myfilter polcr-term-1 myfilter-polcr-1 inet-filter-ae ae-snmp policer-1 inet-filter-ae ae-ssh policer-2
show firewall detail
user@host> show firewall detail Filter: __default_bpdu_filter__ Filter: foo Counters: Name Bytes Packets c1 17652140 160474 Policers: Name Bytes Packets P1-t1 OOS 0 18286 Offered 0 18446744073709376546 Transmitted 0 18446744073709358260
show firewall application cfm (Junos OS Evolved)
user@host> show firewall application cfm Filter: __cfm_filter_et-0/0/0__ Counters: Name Bytes Packets __cfm_cc_term_lvl_0__ 0 0 __cfm_cc_term_lvl_1__ 0 0 __cfm_cc_term_lvl_2__ 0 0 __cfm_cc_term_lvl_3__ 0 0 __cfm_cc_term_lvl_4__ 0 0 __cfm_cc_term_lvl_5__ 0 0 __cfm_cc_term_lvl_6__ 0 0 __cfm_cc_term_lvl_7__ 0 0 __cfm_ethtype_term__ 0 0 __cfm_lt_term_lvl_0__ 0 0 __cfm_lt_term_lvl_1__ 0 0 __cfm_lt_term_lvl_2__ 0 0 __cfm_lt_term_lvl_3__ 0 0 __cfm_lt_term_lvl_4__ 0 0 __cfm_lt_term_lvl_5__ 0 0 __cfm_lt_term_lvl_6__ 0 0 __cfm_lt_term_lvl_7__ 0 0 __cfm_ucast_term_536__ 0 0
Release Information
Command introduced before Junos OS Release 7.4.
Option logical-system
introduced in Junos OS Release 9.3.
Option terse
introduced in Junos OS Release 9.4.
Option policer counters
introduced in Junos OS Release 12.2 for EX Series switches.
Option detail
introduced in Junos OS Release 12.3 for EX Series switches.
Option detail
introduced in Junos OS Release 14.1 for MX Series routers.
Option regex regular-expression
introduced in Junos OS Release 14.2.
Option lsp
introduced in Junos OS Evolved Release 18.3R1.