filter
Syntax
filter filter-name {
    interface-specific;
    micro-segmentation;
    no-longest-prefix-match;
    term term-name {
        from {
            match-conditions;
        }
        then {
            action;
            action-modifiers;
        }
    }
}
Description
Configure firewall filters.
Options
filter-name—Name that identifies the filter. The name can contain letters, numbers, and hyphens (-), and can be up to 64 characters long. To include spaces in the name, enclose it in quotation marks.
micro-segmentation—Indicates that this firewall filter is a Group Based Policy (GBP) tagging filter. A GBP tagging filter uses firewall terms to assign GBP tags for use with macro and micro segmentation on VXLAN. GBPs make use of existing layer 3 VXLAN network identifiers (VNI), in conjunction with firewall filter policies, to provide micro-segmentation at the level of device or tag, independent of the underlying network topology.
These match conditions are supported for GBP tagging:
- ip-version ipv4 <ip address> | <prefix-list>
- ip-version ipv6 <ip address> | <prefix-list>
- mac-address <mac address>
- interface <interface_name> vlan-id <vlan id>
- vlan-id <vlan id>
- interface <interface_name>
no-longest-prefix-match—Disables longest prefix match in IP-based GBP tagging filters. This causes IP-based firewall terms in GBP tagging filters to be evaluated in term order instead of by longest prefix match. This parameter is only applicable when micro-segmentation is enabled and is ignored otherwise. Set this parameter when you first create the filter. Do not toggle this parameter on an existing filter.
The remaining statements are explained separately. See CLI Explorer.
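The effect of no-longest-prefix-match on overlapping IP-based terms can be checked before the filter is created. The following is an added example, not Juniper code: a simplified Python model in which the term names, prefixes, and tag values are constructed, and first-match-wins in term order is an assumption. It compares the tag each mode assigns and lists terms that term order would never reach.

```python
import ipaddress

# Constructed sample: (term name, source prefix, GBP tag) in configured order.
TERMS = [
    ("t-campus", "10.0.0.0/8", 100),
    ("t-finance", "10.20.0.0/16", 200),
    ("t-pay-db", "10.20.30.0/24", 300),
    ("t-v6-lab", "2001:db8::/32", 400),
]

def _matches(terms, addr):
    """Yield (name, network, tag) for each term whose prefix contains addr."""
    ip = ipaddress.ip_address(addr)
    for name, prefix, tag in terms:
        net = ipaddress.ip_network(prefix)
        if net.version == ip.version and ip in net:
            yield name, net, tag

def tag_longest_prefix(terms, addr):
    """Default model: the most specific matching prefix supplies the tag."""
    hits = list(_matches(terms, addr))
    return max(hits, key=lambda h: h[1].prefixlen)[2] if hits else None

def tag_term_order(terms, addr):
    """no-longest-prefix-match model (assumed first match wins in term order)."""
    return next((tag for _, _, tag in _matches(terms, addr)), None)

def shadowed_terms(terms):
    """Return (term, covering earlier term) pairs that term order never reaches."""
    nets = [(name, ipaddress.ip_network(prefix)) for name, prefix, _ in terms]
    shadowed = []
    for i, (name, net) in enumerate(nets):
        for earlier_name, earlier in nets[:i]:
            if earlier.version == net.version and net.subnet_of(earlier):
                shadowed.append((name, earlier_name))
                break
    return shadowed

if __name__ == "__main__":
    for host in ("10.20.30.5", "10.20.1.1", "10.9.9.9", "2001:db8::1"):
        print(host, tag_longest_prefix(TERMS, host), tag_term_order(TERMS, host))
    for term, cover in shadowed_terms(TERMS):
        print(f"{term} is unreachable in term order: covered by {cover}")
```

With this sample ordering, the broad first term takes every 10.0.0.0/8 host in term order, so the more specific terms must be listed first if they are still meant to assign their own tags.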
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 11.1.
Option micro-segmentation introduced in Junos OS Release 22.4R1 to support GBP tagging filters.
Option no-longest-prefix-match introduced in Junos OS Release 24.4R1 to disable longest prefix match on IP-based GBP tagging filters.