Firewall Filter Match Conditions Based on Numbers or Text Aliases
Matching on a Single Numeric Value
You can specify a firewall filter match condition based on whether a particular packet field value is a specified numeric value. In the following example, a match occurs if the packet source port number is 25:
[edit firewall family inet filter filter1 term term1 from] user@host# set source-port 25
Matching on a Range of Numeric Values
You can specify a firewall filter match condition based on whether a particular packet field value falls within a specified range of numeric values. In the following example, a match occurs for source ports values from 1024 through 65,535, inclusive:
[edit firewall family inet filter filter2 term term1 from] user@host# set source-port 1024-65536
Matching on a Text Alias for a Numeric Value
You can specify a firewall filter match condition based on whether a particular packet field value is a numeric value that you specify by using a text string as an alias for the numeric value. In the following example, a match occurs if the packet source port number is 25. For the source-port and destination-port match conditions, the text aliassmtp corresponds to the numeric value 25.
[edit firewall family inet filter filter3 term term1 from] user@host# set source-port smtp
Matching on a List of Numeric Values or Text Aliases
You can specify a firewall filter match condition based on whether a particular packet field value matches any one of multiple numeric values or text aliases that you specify within square brackets and delimited by spaces. In the following example, a match occurs if the packet source port number is any of the following values: 20 (which corresponds to the text aliases ftp-data), 25, or any value from 1024 through 65535.
[edit firewall family inet filter filter3 term term1 from] user@host# set source-port [ smtp ftp-data 25 1024-65535 ]