Firewall Filter Configuration Statements Supported by Junos OS for EX Series Switches
You configure firewall filters to filter packets based on their components and to perform an action on packets that match the filter.
Table 1 lists the options that are supported for the firewall statement in Junos OS for EX Series switches.
| Statement and Option | Description |
|---|---|
| family family-name { } | The family-name option specifies the version or type of addressing protocol: |
| filter filter-name { } | The filter-name option identifies the filter. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the name in quotation marks (" "). |
| interface-specific | The |
| term term-name { } | The term-name option identifies the term. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the entire name in quotation marks (" "). Each term name must be unique within a filter. |
| from { match-conditions; } | The |
| then { action; action-modifiers; } | For information about the action and action-modifiers options, see Firewall Filter Match Conditions, Actions, and Action Modifiers for EX Series Switches. |
| policer policer-name { } | The policer-name option identifies the policer. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the name in quotation marks (" "). |
| filter-specific | The |
| if-exceeding { bandwidth-limit bps burst-size-limit bytes } | The bandwidth-limit bps option specifies the traffic rate in bits per second (bps). You can specify bps as a decimal value or as a decimal number followed by one of the following abbreviations: Range: 1000 (1k) through 102,300,000,000 (102.3g) bps. The burst-size-limit bytes option specifies the maximum allowed burst size to control the amount of traffic bursting. To determine the value for the burst-size limit, you can multiply the bandwidth of the interface on which the filter is applied by the amount of time (in seconds) to allow a burst of traffic at that bandwidth to occur: burst size = bandwidth * allowable time for burst traffic. You can specify a decimal value or a decimal number followed by k (thousand) or m (million). Range: 1 through 2,147,450,880 bytes. |
| then { policer-action } | Use the policer-action option to specify discard to discard traffic that exceeds the rate limits. |
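
How the statements in Table 1 nest inside one another, shown as an added example that is not part of the original Juniper page. The filter, term, and policer names and the rate values are constructed (the values fall inside the ranges given in Table 1); the `ethernet-switching` family and the `protocol icmp` match condition do not appear on this page and are assumptions taken from general Junos OS usage on EX Series switches.

```junos
firewall {
    /* Policer: traffic above these limits is discarded.
       Names and values are constructed for illustration. */
    policer icmp-limit {
        if-exceeding {
            bandwidth-limit 1m;      /* 1,000,000 bps, within 1k..102.3g */
            burst-size-limit 30k;    /* 30,000 bytes, within 1..2,147,450,880 */
        }
        then discard;
    }
    family ethernet-switching {
        filter ingress-port-filter {
            /* Term names must be unique within this filter. */
            term limit-icmp {
                from {
                    protocol icmp;
                }
                then {
                    /* Action modifier: hand matching packets to the policer. */
                    policer icmp-limit;
                }
            }
            term allow-other {
                /* No from block: matches every remaining packet. */
                then accept;
            }
        }
    }
}
```

A packet that matches no term in a Junos OS firewall filter is discarded, which is why the last term explicitly accepts the remaining traffic.
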
Junos OS for EX Series switches does not support some of the firewall filter statements that are supported by other Junos OS packages. Table 2 shows the firewall filter statements that are not supported by Junos OS for EX Series switches.
| Statements Not Supported | Statement Hierarchy Level |
|---|---|
| | [edit firewall] |
| | [edit firewall family family-name] |
| | [edit firewall family family-name filter filter-name] |
| | [edit firewall policer policer-name] |
| bandwidth-percent number; | [edit firewall policer policer-name if-exceeding] |