Mapping OpenConfig Firewall Filter Commands to Junos Configuration
See OpenConfig Data Model Version topic to understand the data models supported version and its Junos OS or Junos Evolved OS release for Juniper Networks ACX Series, MX Series and PTX Series.
The following tables show the mapping of OpenConfig firewall filter commands with the relevant configuration in Junos OS:
- Table 1: Differentiated Services code point (DSCP) Filter Configuration
- Table 2: Google Discovery Protocol (GDP) and Traceroute Configuration
-
Table 3: MPLS Filter Configuration.
- Table 4: IPv4 Filter Configuration
- Table 5: IPv6 Filter Configuration
- Table 6: Bind Configuration
- Table 7: IPv6 Network Instance Filtering Configuration
- Table 8: Network Instance Action Filtering Configuration
- Table 9: Network Instance Bind Configuration
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
Filter |
network-instances {
network-instance n1 {
policy-forwarding {
policies {
policy dscp-steer {
config {
policy-id dscp-steer;
}
rules {
rule 1 {
config {
sequence-id 1;
}
ipv4 {
config {
dscp <>;
}
}
ipv6 {
config {
dscp <>;
}
}
action {
config {
network-instance <>;
}
}
}
}
}
}
}
}
|
firewall {
family inet {
filter dscp-steer-ipv4-n1 {
term 1 {
from {
interface et-1/0/0.0;
dscp <>;
}
then {
routing-instance <>;
}
}
term 2 {
then accept;
}
}
}
family inet6 {
filter dscp-steer-ipv6-n1 {
term 1 {
from {
interface et-1/0/0.0;
traffic-class <>;
}
then {
routing-instance <>;
}
}
term 2 {
then accept;
}
}
}
}
|
|
Binding |
network-instances {
network-instance n1 {
policy-forwarding {
interfaces {
interface et-1/0/0.0 {
config {
apply-forwarding-policy dscp_steer;
}
interface-ref {
config {
interface et-1/0/0;
subinterface 0;
}
}
}
}
}
}
}
|
routing-instances {
n1 {
forwarding-options {
family inet {
filter {
input dscp-steer-ipv4-n1;
}
}
family inet6 {
filter {
input dscp-steer-ipv6-n1;
}
}
}
}
}
In case of binding to ‘default’ routing instance then following will be the junos config
forwarding-options {
family inet {
filter {
input dscp-steer-ipv4-n1;
}
}
family inet6 {
filter {
input dscp-steer-ipv6-n1;
}
}
}
|
|
This OpenConfig DSCP configuration is intended to filter traffic routed to a specific port according to the following set of input criteria specified in the device configuration:
If there is no match, packets are filtered back to a default VRF context where they are routed according to the exposed header. |
||
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
Filter |
acl-sets {
acl-set gdp-trace-route-filter ACL_MIXED {
config {
name gdp-trace-route-filter;
type ACL_MIXED;
}
acl-entries {
acl-entry 1 {
config {
sequence-id 1;
}
l2 {
config {
ethertype 0x6007;
}
}
actions {
config {
jnx-redirect <>;
}
}
acl-entry 2 {
config {
sequence-id 2;
}
ipv4 {
config {
hop-limit 0;
}
}
actions {
config {
jnx-redirect <>;
}
}
acl-entry 3 {
config {
sequence-id 3;
}
ipv4 {
config {
hop-limit 1;
}
}
actions {
config {
jnx-redirect <>;
}
}
acl-entry 4 {
config {
sequence-id 4;
}
ipv6 {
config {
hop-limit 0;
}
}
actions {
config {
jnx-redirect <>;
}
}
acl-entry 5 {
config {
sequence-id 5;
}
ipv6 {
config {
hop-limit 1;
}
}
actions {
config {
jnx-redirect <>;
}
}
}
acl-entry 6 {
config {
sequence-id 6;
}
actions {
config {
forwarding-action ACCEPT;
}
}
}
}
}
}
}
|
firewall {
family any {
filter gdp-trace-route-filter {
term 1 {
from {
ether-type 0x6007;
}
then redirect <>;
}
term 2 {
from {
ip-version {
ipv4 {
ttl 0;
}
}
}
then redirect <>;
}
term 3 {
from {
ip-version {
ipv4 {
ttl 1;
}
}
}
then redirect <>;
}
term 4 {
from {
ip-version {
ipv6 {
hop-limit 0;
}
}
}
then redirect <>;
}
term 5 {
from {
ip-version {
ipv6 {
hop-limit 1;
}
}
}
then redirect <>;
}
term 6 {
then accept;
}
}
}
}
services {
inline-monitoring {
instance {
<> {
controller p4;
}
}
}
}
|
|
The Junos |
||
|
Binding |
interfaces {
interface et-0/0/1 {
config {
id et-0/0/1;
}
interface-ref {
config {
interface et-0/0/1;
subinterface 4000;
}
}
ingress-acl-sets {
ingress-acl-set gdp-trace-route-filter ACL_MIXED {
config {
set-name gdp-trace-route-filter;
type ACL_MIXED;
}
}
}
}
}
|
/* gdp-trace-route-filter binding */
interfaces {
et-0/0/1 {
unit 4000 {
filter {
input gdp-trace-route-filter;
}
}
}
}
|
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
Traffic class |
acl-sets {
acl-set <> ACL_MPLS {
acl-entries {
acl-entry 1 {
mpls {
config {
traffic-class <>;
}
}
}
}
}
}
|
family mpls {
filter <> {
term <> {
from {
exp0 <>;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/config/traffic-class |
||
|
Start label value |
acl-sets {
acl-set <> ACL_MPLS {
acl-entries {
acl-entry 1 {
mpls {
config {
start-label-value <>;
}
}
}
}
}
}
|
family mpls {
filter <> {
term <> {
from {
label 0 <>;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/config/start-label-value |
||
|
End label value |
acl-sets {
acl-set <> ACL_MPLS {
acl-entries {
acl-entry 1 {
mpls {
config {
end-label-value <>;
}
}
}
}
}
}
|
family mpls {
filter <> {
term <> {
from {
label 0 <>;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/mpls/config/end-label-value |
||
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
destination address |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
ipv4 {
config {
destination-address <>;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
destination-address {
<>;
}
}
}
}
}
}
|
|
OpenConfig path: acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/destination-address |
||
|
DSCP |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
ipv4 {
config {
dscp <>;
}
}
}
}
}
}
|
Firewall {
family inet {
filter <> {
term <> {
from {
dscp <>;
}
}
}
}
}
|
|
OpenConfig path: acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/dscp |
||
|
hop limit |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
ipv4 {
config {
hop-limit <>;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
ttl <>;
}
}
}
}
}
|
|
OpenConfig path: acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/hop-limit |
||
|
protocol |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
ipv4 {
config {
protocol <>;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
protocol <>;
}
}
}
}
}
|
|
OpenConfig path: acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/protocol |
||
|
source address |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
ipv4 {
config {
source-address <>;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
source-address {
<>;
}
}
}
}
}
}
|
|
OpenConfig path: acl/acl-sets/acl-set/acl-entries/acl-entry/ipv4/config/source-address |
||
|
destination port |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
transport {
config {
destination-port <>;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
destination-port <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/destination-port |
||
|
source port |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
transport {
config {
source-port <>;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
source-port <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/source-port |
||
|
TCP flags |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
transport {
config {
tcp-flags <>;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
tcp-flags <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/tcp-flags |
||
|
interface |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
input-interface {
interface-ref {
config {
interface <>;
subinterface <>;
}
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
from {
interface <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/config/interface-subinterface |
||
|
forwarding-action ACCEPT |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
actions {
config {
forwarding-action ACCEPT;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
then accept;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/forwarding-action |
||
|
forwarding-action DROP |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
actions {
config {
forwarding-action DROP;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
then {
discard;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/forwarding-action |
||
|
forwarding-action REJECT |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
actions {
config {
forwarding-action REJECT;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
then {
reject;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/forwarding-action |
||
|
log-action LOG_SYSLOG |
acl-sets {
acl-set <> ACL_IPV4 {
acl-entries {
acl-entry <> {
actions {
config {
log-action LOG_SYSLOG;
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
then syslog;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/log-action |
||
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
destination address |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
ipv6 {
config {
destination-address <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
destination-address {
<>;
}
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/destination-address |
||
|
hop limit |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
ipv6 {
config {
hop-limit <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
hop-limit <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/hop-limit |
||
|
protocol |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
ipv6 {
config {
protocol <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
next-header <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/protocol |
||
|
source address |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
ipv6 {
config {
source-address <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
source-address {
<>;
}
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/source-address |
||
|
DSCP |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
ipv6 {
config {
dscp <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
traffic-class <>;
}
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/ipv6/config/dscp |
||
|
destination port |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
transport {
config {
destination-port <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
destination-port <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/destination-port |
||
|
source port |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
transport {
config {
source-port <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
source-port <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/source-port |
||
|
TCP flags |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
transport {
config {
tcp-flags <>;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
tcp-flags <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/transport/config/tcp-flags |
||
|
interface |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
input-interface {
interface-ref {
config {
interface <>;
subinterface <>;
}
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
interface <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/input-interface/interface-ref/config/interface |
||
|
forwarding-action ACCEPT |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
actions {
config {
forwarding-action ACCEPT;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
then accept;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/forwarding-action |
||
|
forwarding-action DROP |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
actions {
config {
forwarding-action DROP;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
then discard;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/forwarding-action |
||
|
forwarding-action REJECT |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
actions {
config {
forwarding-action REJECT;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
then {
reject;
}
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/forwarding-action |
||
|
log-action LOG_SYSLOG |
acl-sets {
acl-set <> ACL_IPV6 {
acl-entries {
acl-entry <> {
actions {
config {
log-action LOG_SYSLOG;
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
then syslog;
}
}
}
}
|
|
OpenConfig path: /acl/acl-sets/acl-set/acl-entries/acl-entry/actions/config/log-action |
||
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
ingress bind configuration |
openconfig-acl:acl {
interfaces {
interface <> {
interface-ref {
config {
interface <>;
subinterface <>;
}
}
ingress-acl-sets {
ingress-acl-set <> ACL_IPV6;
}
}
}
}
|
interfaces {
xe-<> {
unit 0 {
family inet6 {
filter {
input <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/interfaces/interface/config/interface/interface-ref/config/interface/ingress-acl-sets/ingress-acl-set |
||
|
egress bind configuration |
openconfig-acl:acl {
interfaces {
interface <> {
interface-ref {
config {
interface <>;
subinterface <>;
}
}
egress-acl-sets {
egress-acl-set <> ACL_IPV6;
}
}
}
}
|
interfaces {
<> {
unit 0 {
family inet6 {
filter {
output <>;
}
}
}
}
}
|
|
OpenConfig path: /acl/interfaces/interface/config/interface/interface-ref/config/interface/egress-acl-sets/egress-acl-set |
||
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
destination address |
network-instances {
network-instance <> {
policy-forwarding {
policies {
policy <> {
rules {
rule <> {
ipv6 {
config {
destination-address <>;
}
}
}
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
destination-address {
<>;
}
}
}
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/config/destination-address |
||
|
hop limit |
network-instances {
network-instance <> {
policy-forwarding {
policies {
policy <> {
rules {
rule <> {
ipv6 {
config {
hop-limit <>;
}
}
}
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
ttl <>;
}
}
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/config/hop-limit |
||
|
protocol |
network-instances {
network-instance <> {
policy-forwarding {
policies {
policy <> {
rules {
rule <> {
ipv6 {
config {
protocol <>;
}
}
}
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
protocol <>;
}
}
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/config/protocol |
||
|
source address |
network-instances {
network-instance <> {
policy-forwarding {
policies {
policy dscp <> {
rules {
rule <> {
ipv6 {
config {
source-address <>;
}
}
}
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
from {
source-address <>;
}
}
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/config/source-address |
||
|
action: discard |
network-instances {
network-instance <> {
policy-forwarding {
policies {
policy <> {
rules {
rule <> {
action {
config {
discard <>;
}
}
}
}
}
}
}
}
}
|
firewall {
family inet6 {
filter <> {
term <> {
then {
discard;
}
}
}
}
}
|
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
action: discard |
network-instances {
network-instance <> {
policy-forwarding {
policies {
policy <> {
rules {
rule <> {
action {
config {
discard <>;
}
}
}
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
then {
discard;
}
}
}
}
}
firewall {
family inet6 {
filter <> {
term <> {
then {
discard;
}
}
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/config/discard |
||
|
action: config network-instance |
network-instances {
network-instance <> {
policy-forwarding {
policies {
policy dscp-steer {
rules {
rule <> {
action {
config {
network-instance <>;
}
}
}
}
}
}
}
}
}
|
firewall {
family inet {
filter <> {
term <> {
then {
routing-instance <>;
}
}
}
}
}
firewall {
family inet6 {
filter <> {
term <> {
then {
routing-instance <>;
}
}
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/policies/policy dscp-steer/rules/rule/action/config/network-instance Note:
When the |
||
|
Command Name |
OpenConfig Configuration |
Junos Configuration |
|---|---|---|
|
INET: apply forwarding policy (default routing instance) |
INET interface bind ingress (default routing instance) network-instances {
network-instance <> {
policy-forwarding {
interfaces {
interface <> {
config {
apply-forwarding-policy <>;
}
interface-ref {
config {
interface <>;
subinterface <>;
}
}
}
}
}
}
}
|
INET interface bind ingress (default routing instance) firewall {
family inet {
filter <> {
term <> {
then {
next-interface;
}
}
}
}
}
forwarding-options {
family inet {
filter {
input <>;
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/interfaces/interface/config/apply-forwarding-policy/interface-ref/config/interface/subinterface Note:
Use the |
||
|
INET: apply forwarding policy (not a default routing instance) |
INET interface bind ingress (not a default routing instance) network-instances {
network-instance <> {
policy-forwarding {
interfaces {
interface <> {
config {
apply-forwarding-policy <>;
}
interface-ref {
config {
interface <>;
subinterface <>;
}
}
}
}
}
}
}
|
INET interface bind ingress (not a default routing instance) firewall {
family inet {
filter <> {
term <> {
then {
next-interface;
}
}
}
}
}
routing-instances {
<> {
forwarding-options {
family inet {
filter {
input <>;
}
}
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/interfaces/interface/config/apply-forwarding-policy/interface-ref/config/interface/subinterface |
||
|
INET6: apply forwarding policy (default routing instance) |
INET6 interface bind ingress (default routing instance) network-instances {
network-instance <> {
policy-forwarding {
interfaces {
interface <> {
config {
apply-forwarding-policy <>;
}
interface-ref {
config {
interface <>;
subinterface <>;
}
}
}
}
}
}
}
|
INET6 interface bind ingress (default routing instance) firewall {
family inet6 {
filter <> {
term <> {
then {
next-interface;
}
}
}
}
}
forwarding-options {
family inet6 {
filter {
input <>;
}
}
}
|
|
OpenConfig path: /network-instances/network-instance/policy-forwarding/interfaces/interface/config/apply-forwarding-policy/interface-ref/config/interface/subinterface |
||
|
INET6: apply forwarding policy (not a default routing instance) |
INET6 interface bind ingress (not a default routing instance) network-instances {
network-instance <> {
policy-forwarding {
interfaces {
interface <> {
config {
apply-forwarding-policy <>;
}
interface-ref {
config {
interface <>;
subinterface <>;
}
}
}
}
}
}
}
|
INET6 interface bind ingress (not a default routing instance) firewall {
family inet6 {
filter <> {
term <> {
then {
next-interface;
}
}
}
}
}
routing-instances {
<> {
forwarding-options {
family inet6 {
filter {
input <>;
}
}
}
}
}
|
|
Note:
Please note that these filters will be implemented as an input forwarding table filter. Note:
Egress filtering is not supported. |
||