show security flow ip-action
Syntax
show security flow ip-action [ <filter> ] [ summary family (inet | inet6) ]
Description
Display the current IP-action settings, based on filtered options, for IP sessions running on the device.
Options
filter—Filter the display based on the specified criteria.
The following filters display those sessions that match the criteria specified by the filter. Refer to the sample output for filtered output examples.
all |[filter]—All active sessions on the device.destination-port destination-port—Destination port number of the traffic. Range is 1 through 65,535.destination-prefix destination-prefix—Destination IP prefix or address.family (inet | inet6)[filter]—IPv4 traffic or IPv6-NATPT traffic and filtered options.logical-system logical-system-name | all[filter]—Specified logical system or all logical systems.protocol protocol-name | protocol-number[filter]—Protocol name or number and filtered options.ahor51egpor8espor50greor47icmpor1icmp6or58ipipor4ospfor89pimor103rsvpor46sctpor132tcpor6udpor17
root-logical-system[filter]—Default logical system information and filtered options.source-port source-port—Source port number of the traffic. Range is 1 through 65,535.source-prefix source-prefix—Source IP prefix or address of the traffic.summary—Summary information about IP-action entries.family—Display summary of IP-action entries by family. This option is used to filter the output.inet—Display summary of IPv4 entries.inet6—Display summary of IPv6 entries.
Required Privilege Level
view
Output Fields
Table 1 lists the output
fields for the show security flow ip-action command. Output
fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
Source address of outbound IP traffic. |
|
Source port number of outbound IP traffic. |
|
Destination address of inbound IP traffic. |
|
Destination port number and protocol type of inbound IP traffic. |
|
Configured timeouts and time remaining for an IP session. |
|
Security zone associated with an IP session. |
|
Configured action type, for example, block, close, and notify. |
|
The active mode and passive mode describe the states
of the |
|
The total number of IPv4 entries. |
|
The total number of IPv6 entries. |
Sample Output
- show security flow ip-action
- show security flow ip-action destination-port
- show security flow ip-action destination-prefix
- show security flow ip-action family inet protocol
- show security flow ip-action family inet logical-system all
- show security flow ip-action source-prefix
- show security flow ip-action summary
- show security flow ip-action summary family inet
- show security flow ip-action summary family inet6
show security flow ip-action
user@host> show security flow ip-action Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 293/300 * close Passive IPv4 action count: 1 on FPC0.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 293/300 * close Passive IPv4 action count: 1 on FPC0.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 293/300 * close Passive IPv4 action count: 1 on FPC0.PIC3 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 293/300 * close Passive IPv4 action count: 1 on FPC1.PIC0 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 293/300 * close Passive IPv4 action count: 1 on FPC1.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 292/300 * close Passive IPv4 action count: 1 on FPC1.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 292/300 * close Active IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs IPv6 action count: 0 on FPC0.PIC1 IPv6 action count: 0 on FPC0.PIC2 IPv6 action count: 0 on FPC0.PIC3 IPv6 action count: 0 on FPC1.PIC0 IPv6 action count: 0 on FPC1.PIC1 IPv6 action count: 0 on FPC1.PIC2 IPv6 action count: 0 on FPC1.PIC3 IPv6 action count: Active mode 0 on all PICs
show security flow ip-action destination-port
user@host> show security flow ip-action destination-port 21 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 274/300 * close Passive IPv4 action count: 1 on FPC0.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 274/300 * close Passive IPv4 action count: 1 on FPC0.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 274/300 * close Passive IPv4 action count: 1 on FPC0.PIC3 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 274/300 * close Passive IPv4 action count: 1 on FPC1.PIC0 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 274/300 * close Passive IPv4 action count: 1 on FPC1.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 274/300 * close Passive IPv4 action count: 1 on FPC1.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 273/300 * close Active IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs IPv6 action count: 0 on FPC0.PIC1 IPv6 action count: 0 on FPC0.PIC2 IPv6 action count: 0 on FPC0.PIC3 IPv6 action count: 0 on FPC1.PIC0 IPv6 action count: 0 on FPC1.PIC1 IPv6 action count: 0 on FPC1.PIC2 IPv6 action count: 0 on FPC1.PIC3 IPv6 action count: Active mode 0 on all PICs
show security flow ip-action destination-prefix
user@host> show security flow ip-action destination-prefix 203.0.113.4/8 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 245/300 * close Passive IPv4 action count: 1 on FPC0.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 245/300 * close Passive IPv4 action count: 1 on FPC0.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 245/300 * close Passive IPv4 action count: 1 on FPC0.PIC3 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 192.0.2.3 * 203.0.113.4 21/tcp 245/300 * close Passive IPv4 action count: 1 on FPC1.PIC0 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 192.0.2.3 * 203.0.113.4 21/tcp 245/300 * close Passive IPv4 action count: 1 on FPC1.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 245/300 * close Passive IPv4 action count: 1 on FPC1.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 21/tcp 245/300 * close Active IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs
show security flow ip-action family inet protocol
user@host> show security flow ip-action family inet protocoludp Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 69/udp 287/300 * close Passive IPv4 action count: 1 on FPC0.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 69/udp 287/300 * close Passive IPv4 action count: 1 on FPC0.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 69/udp 287/300 * close Passive IPv4 action count: 1 on FPC0.PIC3 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 69/udp 287/300 * close Active IPv4 action count: 1 on FPC1.PIC0 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 69/udp 287/300 * close Passive IPv4 action count: 1 on FPC1.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 69/udp 287/300 * close Passive IPv4 action count: 1 on FPC1.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 203.0.113.4 69/udp 287/300 * close Passive IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs
show security flow ip-action family inet logical-system all
user@host> show security flow ip-action family inet logical-system all Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State Logical-System 203.0.113.1 * 203.0.113.4 69/udp 267/300 * close Passive root-logical-system IPv4 action count: 1 on FPC0.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State Logical-System 203.0.113.1 * 203.0.113.4 69/udp 267/300 * close Passive root-logical-system IPv4 action count: 1 on FPC0.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State Logical-System 203.0.113.1 * 203.0.113.4 69/udp 267/300 * close Passive root-logical-system IPv4 action count: 1 on FPC0.PIC3 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State Logical-System 203.0.113.1 * 203.0.113.4 69/udp 267/300 * close Active root-logical-system IPv4 action count: 1 on FPC1.PIC0 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State Logical-System 203.0.113.1 * 203.0.113.4 69/udp 267/300 * close Passive root-logical-system IPv4 action count: 1 on FPC1.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State Logical-System 203.0.113.1 * 203.0.113.4 69/udp 266/300 * close Passive root-logical-system IPv4 action count: 1 on FPC1.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State Logical-System 203.0.113.1 * 203.0.113.4 69/udp 266/300 * close Passive root-logical-system IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs
show security flow ip-action source-prefix
user@host> show security flow ip-action source-prefix 192.0.2.3/8 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 192.0.2.4 69/udp 244/300 * close Passive IPv4 action count: 1 on FPC0.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 192.0.2.4 69/udp 244/300 * close Passive IPv4 action count: 1 on FPC0.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 192.0.2.4 69/udp 244/300 * close Passive IPv4 action count: 1 on FPC0.PIC3 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 192.0.2.4 69/udp 244/300 * close Active IPv4 action count: 1 on FPC1.PIC0 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 192.0.2.4 69/udp 244/300 * close Passive IPv4 action count: 1 on FPC1.PIC1 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 192.0.2.4 69/udp 244/300 * close Passiveo IPv4 action count: 1 on FPC1.PIC2 Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action State 203.0.113.1 * 192.0.2.4 69/udp 244/300 * close Passive IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs
show security flow ip-action summary
user@host> show security flow ip-action summary IPv4 action count: 1 on FPC0.PIC1 IPv4 action count: 1 on FPC0.PIC2 IPv4 action count: 1 on FPC0.PIC3 IPv4 action count: 1 on FPC1.PIC0 IPv4 action count: 1 on FPC1.PIC1 IPv4 action count: 1 on FPC1.PIC2 IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs IPv6 action count: 0 on FPC0.PIC1 IPv6 action count: 0 on FPC0.PIC2 IPv6 action count: 0 on FPC0.PIC3 IPv6 action count: 0 on FPC1.PIC0 IPv6 action count: 0 on FPC1.PIC1 IPv6 action count: 0 on FPC1.PIC2 IPv6 action count: 0 on FPC1.PIC3 IPv6 action count: Active mode 0 on all PICs
show security flow ip-action summary family inet
user@host> show security flow ip-action summary inet IPv4 action count: 1 on FPC0.PIC1 IPv4 action count: 1 on FPC0.PIC2 IPv4 action count: 1 on FPC0.PIC3 IPv4 action count: 1 on FPC1.PIC0 IPv4 action count: 1 on FPC1.PIC1 IPv4 action count: 1 on FPC1.PIC2 IPv4 action count: 1 on FPC1.PIC3 IPv4 action count: Active mode 1 on all PICs
show security flow ip-action summary family inet6
user@host> show security flow ip-action summary family inet6 IPv6 action count: 1 on FPC0.PIC1 IPv6 action count: 1 on FPC0.PIC2 IPv6 action count: 1 on FPC0.PIC3 IPv6 action count: 1 on FPC1.PIC0 IPv6 action count: 1 on FPC1.PIC1 IPv6 action count: 1 on FPC1.PIC2 IPv6 action count: 1 on FPC1.PIC3 IPv6 action count: Active mode 1 on all PICs
Release Information
Command introduced in Junos OS Release 10.1. Logical systems option added in Junos OS Release 11.2 . Summary option introduced in Junos OS Release 12.1.