Guidelines For Applying Standard Firewall Filters; Applying Firewall Filters Overview - Juniper ACX1000 Configuration Manual

Table 69: Firewall Filter Action Categories (continued)
Type of Action Description
Flow control For standard firewall filters only, the
directs the router (or switch) to perform configured actions
on the packet and then, rather than terminate the filter,
use the next term in the filter to evaluate the packet. If the
next term
evaluated against the next term in the firewall filter.
Otherwise, the matching packet is not evaluated against
subsequent terms in the firewall filter.
For example, when you configure a term with the
nonterminating action
from an implicit
action forces the continued evaluation of the firewall filter.
Related
Documentation

Guidelines for Applying Standard Firewall Filters

Applying Firewall Filters Overview

Table 70: Firewall Filter Behavior by Filter Attachment Point
Filter Attachment Point
Loopback interface
Physical interface or
logical interface
Copyright © 2017, Juniper Networks, Inc.
next term
action is included, the matching packet is
count , the term's action changes
discard to an implicit accept
Guidelines for Applying Standard Firewall Filters on page 1049
Understanding How to Use Standard Firewall Filters
This topic covers the following information:
Applying Firewall Filters Overview on page 1049
Statement Hierarchy for Applying Firewall Filters on page 1050
Restrictions on Applying Firewall Filters on page 1051
You can apply a standard firewall filter to a loopback interface on the router or to a
physical or logical interface on the router. You can apply a firewall filter to a single interface
or to multiple interfaces on the
firewall filters based on the point to which you attach the filter.
Filter Behavior
The router's loopback interface,
packets. When you apply a firewall filter to the loopback interface, the filter evaluates the local
packets received or transmitted by the Routing Engine.
NOTE:
ACX5048 and ACX5096 routers do not support the evaluation of packets transmitted by the
Routing engine for loopback interface filter.
When you apply a filter to a physical interface on the router or to a logical interface (or member
of an aggregated Ethernet bundle defined on the interface), the filter evaluates all data packet
that pass through that interface.
Comment
action You cannot configure the
a terminating action in the same filter term.
However, you can configure the next term action
with another nonterminating action in the same
filter term.
A maximum of 1024
supported per standard firewall filter
configuration. If you configure a standard
firewall filter that exceeds this limit, your
candidate configuration results in a commit
. The next term error.
router.Table 70 on page 1049
, is the interface to the Routing Engine and carries no data
lo0
Chapter 32: Configuring Firewall Filters
action with
next term
actions are
next term
summarizes the behavior of
1049