Routing Policy and Firewall Filters | Junos OS Evolved

Layer 2 and layer 3 support for flood policers (PTX10001-36MR, PTX10004, PTX10008, and PTX10016)—Starting in Junos OS Evolved Release 21.4R1, you can configure firewall filters for flood policers on L2 (family CCC) and L3 (family any) traffic, in both the ingress and egress directions. Most match conditions (except Packet-length) and most actions are supported.

See Firewall Filter Match Conditions and Actions.

Support for forwarding class and PLP as policer actions (PTX10001-36MR, PTX10003, PTX10004, PTX10008, and PTX10016)—Starting in Junos OS Evolved Release 21.4R1, you can use forwarding class, and both forwarding class and packet loss priority (PLP) together, as policer actions in policer policy configurations. This includes both the ingress and egress directions.

See Forwarding Class and Loss Priority.

Support for input-chain and output-chain CLI filters (PTX10001-36MR, PTX10003, PTX10004, PTX10008, and PTX10016)—Starting from Junos OS Evolved Release 21.4R1, you can use multiple levels of CLI filters. The filter chain helps in logically grouping filters with a specific pattern of rules, instead of evaluating all the filter terms in one filter and deciding at the last term of it. The feature provides you the flexibility in modeling the filters as and when it is applicable in the solution. You can configure up to 8 filters in both input-chain and output-chains.

You can apply the filter chain as follows:

set interfaces interface-name unit unit family inet filter input-chain [filter1 filter2 filter3];

set interfaces interface-name unit unit family inet filter output-chain [filter1 filter2 filter3];

[See input-chain, output-chain, and Example: Using Firewall Filter Chains.]