J-series™ Services Router User Guide
Configuring a Stateless Firewall Filter with a Configuration Editor

Task: Navigate to the Firewall level in the configuration hierarchy.

J-Web Configuration Editor:
In the configuration editor hierarchy, select Firewall.

CLI Configuration Editor:
From the top of the configuration hierarchy, enter edit firewall.

Task: Define protect-RE and tcp-connection-term, and define the source prefix list match condition.

J-Web Configuration Editor:
1. Next to Filter, click Add new entry.
2. In the Filter name box, type protect-RE.
3. Next to Term, click Add New Entry.
4. In the Rule name box, type tcp-connection-term.
5. Next to From, click Configure.
6. Next to Source prefix list, click Add new entry.
7. In the Name box, type trusted-addresses.
8. Click OK.

CLI Configuration Editor:
Set the term name and define the source address match condition:
    set family inet filter protect-RE term tcp-connection-term from source-prefix-list trusted-addresses

Task: Define the TCP flags and protocol match conditions for tcp-connection-term.

J-Web Configuration Editor:
1. In the TCP flags box, type (syn & !ack) | fin | rst.
2. In the Protocol choice drop-down list, select Protocol.
3. Next to Protocol, click Add new entry.
4. In the Value keyword drop-down list, select tcp.
5. Click OK.

CLI Configuration Editor:
Set the TCP flags and protocol match conditions for the term:
    set family inet filter protect-RE term tcp-connection-term from protocol tcp tcp-flags "(syn & !ack) | fin | rst"

Task: Define the actions for tcp-connection-term.

J-Web Configuration Editor:
1. On the Term tcp-connection-term page, next to Then, click Configure.
2. In the Policer box, type tcp-connection-policer.
3. In the Designation drop-down list, select Accept.
4. Click OK twice.

CLI Configuration Editor:
Set the actions:
    set family inet filter protect-RE term tcp-connection-term then policer tcp-connection-policer accept

Task: Define icmp-term, and define the protocol.

J-Web Configuration Editor:
1. On the Filter protect-RE page, next to Term, click Add New Entry.
2. In the Rule name box, type icmp-term.
3. Next to From, click Configure.
4. In the Protocol choice drop-down list, select Protocol.
5. Next to Protocol, click Add new entry.
6. In the Value keyword drop-down list, select icmp.
7. Click OK.

CLI Configuration Editor:
Set the term name and define the protocol:
    set family inet filter protect-RE term icmp-term from protocol icmp
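
The match logic of tcp-connection-term, as an added example that is not part of the original guide: a Python sketch that evaluates the term's three from conditions against constructed packets. The contents of trusted-addresses (192.0.2.0/24 here), the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress

# TCP header flag bits (RFC 9293).
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

# Assumed contents of the trusted-addresses prefix list; the guide does not
# show them on this page, so a documentation prefix is used.
TRUSTED_ADDRESSES = [ipaddress.ip_network("192.0.2.0/24")]


def tcp_flags_match(flags: int) -> bool:
    """Evaluate the term's expression "(syn & !ack) | fin | rst"."""
    syn, ack = bool(flags & SYN), bool(flags & ACK)
    fin, rst = bool(flags & FIN), bool(flags & RST)
    return (syn and not ack) or fin or rst


def matches_tcp_connection_term(src: str, protocol: str, flags: int) -> bool:
    """All 'from' conditions of a term must hold for the term to match."""
    in_prefix_list = any(ipaddress.ip_address(src) in net
                         for net in TRUSTED_ADDRESSES)
    # The protocol check matters: without it the flag bits would be tested
    # against packets that are not TCP at all.
    return in_prefix_list and protocol == "tcp" and tcp_flags_match(flags)


# Constructed sample packets: (description, source, protocol, flags byte).
SAMPLES = [
    ("SYN from trusted host", "192.0.2.10", "tcp", SYN),
    ("SYN-ACK from trusted host", "192.0.2.10", "tcp", SYN | ACK),
    ("ACK data segment", "192.0.2.10", "tcp", ACK),
    ("FIN-ACK teardown", "192.0.2.10", "tcp", FIN | ACK),
    ("RST", "192.0.2.10", "tcp", RST),
    ("SYN from untrusted host", "203.0.113.5", "tcp", SYN),
    ("ICMP from trusted host", "192.0.2.10", "icmp", 0),
]

if __name__ == "__main__":
    for desc, src, proto, flags in SAMPLES:
        hit = matches_tcp_connection_term(src, proto, flags)
        action = "policer + accept" if hit else "next term"
        print(f"{desc:28} -> {action}")
```

Only connection setup and teardown segments from the prefix list reach tcp-connection-policer; segments of an established session (ACK without SYN, FIN or RST) do not match this term and are evaluated by later terms.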