Guidelines for Applying Multiple Firewall Filters as a List

Statement Hierarchy for Applying Lists of Multiple Firewall Filters

To apply a single filter to the input or output direction of a router (or switch) logical interface, you include the input filter-name or output filter-name statement under the filter stanza for a protocol family.

To apply a list of multiple filters to the input or output direction of a router (or switch) logical interface, include the input-list [ filter-names ] or output-list [ filter-names ] statement under the filter stanza for a protocol family:

You can include the interface configuration at one of the following hierarchy levels:

• [edit]

• [edit logical-systems logical-system-name]

Filter Input Lists and Output Lists for Router or Switch Interfaces

When applying a list of firewall filters as a list, the following limitations apply:

• You can specify up to 16 firewall filters for a filter input list.

• You can specify up to 16 firewall filters for a filter output list.

Types of Filters Supported in Lists

Lists of multiple firewall filters applied to a router (or switch) interface support standard stateless firewall filters only. You cannot apply lists containing service filters or simple filters to a router (or switch) interface.

Restrictions on Applying Filter Lists for MPLS or Layer 2 CCC Traffic

When applying firewall filters that evaluate MPLS traffic (family mpls) or Layer 2 circuit cross-connection traffic (family ccc), you can use the input-list [ filter-names ] and output-list [ filter-names ] statements for all interfaces except the following:

• Management and internal Ethernet (fxp) interfaces

• Loopback (lo0) interfaces

• USB modem (umd) interfaces