filter (Firewall Filters)
Syntax
filter filter-name {
    interface-specific;
    micro-segmentation;
    term term-name {
        from {
            match-conditions;
        }
        then {
            action;
            action-modifiers;
        }
    }
}
Description
Configure firewall filters.
Options
filter-name—Name that identifies the filter. The name can contain letters, numbers, and hyphens (-), and can be up to 64 characters long. To include spaces in the name, enclose it in quotation marks.
micro-segmentation—Enables Group Based Policy (GBP) tagging for use with macro and micro segmentation on VXLAN. GBPs make use of existing layer 3 VXLAN network identifiers (VNI), in conjunction with firewall filter policies, to provide micro-segmentation at the level of device or tag, independent of the underlying network topology.
These match conditions are supported for GBP tagging:
- ip-version ipv4 <ip address> | <prefix-list>
- ip-version ipv6 <ip address> | <prefix-list>
- mac-address <mac address>
- interface <interface_name> vlan-id <vlan id>
- vlan-id <vlan id>
- interface <interface_name>
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.
Option interface-specific introduced in Junos OS Release 9.5 for EX Series switches.
Option micro-segmentation introduced in Junos OS Release 22.4R1 for supported EX4100, EX4400, EX4650, and QFX5120 Series switches.