Examples: Configuring Static Filters
This topic provides some static filter configuration examples.
firewall { policer p1 { if-exceeding { bandwidth-limit 5m; burst-size-limit 10m; } then discard; } family inet { filter dfwd { interface-specific; term 1 { from { source-address { 192.51.100.10/24; } } then { count c1; next term; } } term 2 { from { source-address { 192.51.100.20/24; } } then count c2; } term 3 { then accept; } } filter dfwd1 { interface-specific; term 1 { from { address { 192.51.100.10/24; } } then { discard; } } } filter tos { interface-specific; term 1 { from { precedence priority; } then forwarding-class assured-forwarding; } term 2 { then { log; accept; } } } filter dfwd2 { interface-specific; term 1 { from { forwarding-class best-effort; } then { sample; forwarding-class expedited-forwarding; } } term 2 { then accept; } } filter nodhcp { term dhcpdiscover { from { protocol udp; source-port 68; destination-port 67; } then { discard; } } term others { then accept; } } filter p1 { interface-specific; term 1 { from { precedence priority; } then { policer p1; log; } } term 2 { then accept; } } filter dscp { interface-specific; term 1 { from { dscp af11; } then log; } term 2 { then accept; } } filter tcm { interface-specific; term 1 { from { dscp af11; } then policer p1; } term 2 { then accept; } } } traceoptions { flag dynamic; } }