Examples: Configuring Static Filters
This topic provides some static filter configuration examples.
firewall {
policer p1 {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 10m;
}
then discard;
}
family inet {
filter dfwd {
interface-specific;
term 1 {
from {
source-address {
192.51.100.10/24;
}
}
then {
count c1;
next term;
}
}
term 2 {
from {
source-address {
192.51.100.20/24;
}
}
then count c2;
}
term 3 {
then accept;
}
}
filter dfwd1 {
interface-specific;
term 1 {
from {
address {
192.51.100.10/24;
}
}
then {
discard;
}
}
}
filter tos {
interface-specific;
term 1 {
from {
precedence priority;
}
then forwarding-class assured-forwarding;
}
term 2 {
then {
log;
accept;
}
}
}
filter dfwd2 {
interface-specific;
term 1 {
from {
forwarding-class best-effort;
}
then {
sample;
forwarding-class expedited-forwarding;
}
}
term 2 {
then accept;
}
}
filter nodhcp {
term dhcpdiscover {
from {
protocol udp;
source-port 68;
destination-port 67;
}
then {
discard;
}
}
term others {
then accept;
}
}
filter p1 {
interface-specific;
term 1 {
from {
precedence priority;
}
then {
policer p1;
log;
}
}
term 2 {
then accept;
}
}
filter dscp {
interface-specific;
term 1 {
from {
dscp af11;
}
then log;
}
term 2 {
then accept;
}
}
filter tcm {
interface-specific;
term 1 {
from {
dscp af11;
}
then policer p1;
}
term 2 {
then accept;
}
}
}
traceoptions {
flag dynamic;
}
}