Firewall Filter Actions - Juniper ACX1000 Configuration Manual

ACX Series Universal Access Router Configuration Guide
Table 68: Firewall Filter Match Conditions by Protocol Family (continued)
Traffic Type Hierarchy Level at Which Match Conditions Are Specified
Layer 2 Bridging
[edit firewall family bridge filter filter-name term term-name]
(MX Series routers and
[edit firewall family ethernet-switching filter filter-name term term-name]
EX Series switches only)
only)
For the complete list of match conditions, see Firewall Filter Match Conditions for Layer 2 Bridging
Traffic.

Firewall Filter Actions

Table 69: Firewall Filter Action Categories
Type of Action Description
Terminating Halts all evaluation of a firewall filter for a specific packet.
The router (or switch) performs the specified action, and
no additional terms are used to examine the packet.
You can specify only one terminating action in a firewall
filter term. You can, however, specify one terminating
action with one or more nonterminating actions in a single
term. For example, within a term, you can specify
with
count
that contain terminating actions, once the system
processes a terminating action within a term, processing
of the entire firewall filter halts.
Nonterminating Performs other functions on a packet (such as
incrementing a counter, logging information about the
packet header, sampling the packet data, or sending
information to a remote host using the system log
functionality), but any additional terms are used to
examine the packet.
1048
If you specify an IPv6 address in a match condition (the
match conditions), use the syntax for text representations described in
source-address
RFC 4291, IP Version 6 Addressing Architecture. For more information about IPv6 addresses,
see "IPv6 Overview" on page 530
Under the statement for a firewall filter term, you can specify the actions to be taken
then
on a packet that matches the term.
Table 69 on page 1048 summarizes the types of actions you can specify in a firewall filter
term.
and . Regardless of the number of terms
syslog
address
and Supported IPv6 Standards.
Comment
See Firewall Filter Terminating Actions.
accept
All nonterminating actions include an implicit
accept action. This accept action is carried out
if no other terminating action is configured in
the same term.
See Firewall Filter Nonterminating Actions.
Copyright © 2017, Juniper Networks, Inc.
(for EX Series switches
, destination-address , or