ON THIS PAGE
Example: Configuring a Filter to Match on IPv6 Flags
This example shows how to configure a filter to match on IPv6 TCP flags.
Requirements
No special configuration beyond device initialization is required before configuring this example.
Overview
In this example, you configure a filter to match on IPv6 TCP flags. You can use this example to configure IPv6 TCP flags in M Series, MX Series, and T Series routing devices.
Configuration
Procedure
Step-by-Step Procedure
To configure a filter to match on IPv6 TCP flags:
Include the family statement at the firewall hierarchy level, specifying
inet6as the protocol family.[edit] user@host# edit firewall family inet6
Create the stateless firewall filter.
[edit firewall family inet6] user@host# edit filter tcpfilt
Define the first term for the filter.
[edit firewall family inet6 filter tcpfilt] user@host# edit term 1
Define the source address match conditions for the term.
[edit firewall family inet6 filter tcpfilt term 1] user@host# set from next-header tcp tcp-flags syn
Define the actions for the term.
[edit firewall family inet6 filter tcpfilt term 1] user@host# set then count tcp_syn_pkt log accept
If you are done configuring the device, commit the configuration.
[edit firewall family inet6 filter tcpfilt term 1] user@host
top[edit] user@host# commit
Verification
To confirm that the configuration is working
properly, enter the show firewall filter tcpfilt command.