port_list
Syntax
port-list port-list-name
Hierarchy Level
[edit firewall port-list port-list-name]
Description
You create a port-list to conveniently group together multiple ports (source ports or destination ports) so that they can be referenced easily in firewall configurations as port-list, source-port-list and/or destination-port-list match conditions. You can create a port list and associate a port number with this port list by issuing the set firewall port-list port-list-name port-number configuration statement.
After setting the port list, you can view the ports in the configured port-list with the show firewall command, as in the following example.
{master}[edit]
user@host# show firewall
port-list pl1 {
    100-200;
    40;
    400;
}
In the following example, the show firewall command shows the configured port-list applied as a match condition.
{master}[edit]
user@host# show firewall
family inet {
    filter f1 {
        term t1 {
            from {
                port-list {
                    pl1;
                }
                protocol tcp;
            }
        }
    }
}
In the following example, the show firewall command shows the configured port-list applied as a match condition inside source-port-list to match source port(s) in the named port-list.
{master}[edit]
user@host# show firewall
family inet {
    filter f1 {
        term t1 {
            from {
                source-port-list {
                    pl1;
                }
                protocol tcp;
            }
        }
    }
}
In the following example, the show firewall command shows the configured port-list applied as a match condition inside destination-port-list to match destination port(s) in the named port-list.
{master}[edit]
user@host# show firewall
family inet {
    filter f1 {
        term t1 {
            from {
                destination-port-list {
                    pl1;
                }
                protocol udp;
            }
        }
    }
}
Using port lists improves readability, reduces configuration errors, and makes it easier to update configurations, rather than having to find and update port match conditions in multiple firewall filter configurations.
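The following Python sketch is an added example, not part of the Junos documentation or tooling: it audits saved show firewall output by expanding each port-list and reporting which filter terms reference it, including references to a list that is not defined. The function names, term t2 and list pl2 are assumptions made for the illustration, and the parser handles only the brace syntax shown on this page, with the prompt lines removed.

```python
import re
# Constructed sample in the syntax shown above; term t2 and the undefined pl2 are made up.
SAMPLE = """port-list pl1 { 100-200; 40; 400; }
family inet { filter f1 {
  term t1 { from { destination-port-list { pl1; } protocol udp; } }
  term t2 { from { source-port-list { pl2; } protocol tcp; } } } }"""
REF_KEYS = ("port-list", "source-port-list", "destination-port-list")

def parse(text):
    """Parse brace-style config text into nested dicts; leaf statements map to None."""
    root = node = {}
    stack, words = [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == ";":
            node[" ".join(words)] = None
            words = []
        elif tok == "}":
            node = stack.pop()
        else:
            words.append(tok)
    return root

def expand(entries):
    """Turn entries such as '100-200' and '40' into a set of port numbers."""
    spans = (e.partition("-") for e in entries)
    return {p for lo, _, hi in spans for p in range(int(lo), int(hi or lo) + 1)}

def audit(text):
    """Return (resolved, undefined): ports per reference, and references to missing lists."""
    cfg = parse(text)
    lists = {k.split()[1]: expand(v) for k, v in cfg.items() if k.startswith("port-list ")}
    resolved, undefined = {}, []
    def walk(node, path):
        for key, val in node.items():
            if key in REF_KEYS and path[-1:] == ["from"]:
                for name in val or {}:
                    where = "/".join(path[:-1] + [key, name])
                    if name in lists:
                        resolved[where] = lists[name]
                    else:
                        undefined.append(where)
            elif isinstance(val, dict):
                walk(val, path + [key])
    walk(cfg, [])
    return resolved, undefined
```

Calling audit(SAMPLE) returns the expanded port set for the term t1 reference and lists the term t2 reference to pl2 as undefined, which is the kind of drift worth catching before a filter is committed.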
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 25.2R1.