Juniper JUNOS OS 10.3 - SOFTWARE Manual page 3161

For EX Series Ethernet Switches
Copyright © 2010, Juniper Networks, Inc.
NOTE: For EX2200 switches, the maximum number of terms allowed per
firewall filter is 512. For EX3200 and EX4200 switches, the maximum
number of terms allowed per firewall filter is 2048. For EX8200 switches,
the maximum number of terms allowed per firewall filter is 32768. If you
attempt to configure a firewall filter that exceeds these limits, the switch
returns an error message when you commit the configuration.
5. In each firewall filter term, specify the match conditions to use to match components of a packet.
To specify match conditions to match on packets that contain a specific source-address and source-port, for example:
[edit firewall family ethernet-switching filter ingress-port-filter term term-one]
user@switch# set from source-address 192.0.2.14
user@switch# set from source-port 80
You can specify one or more match conditions in a single from statement. For a match to occur, the packet must match all the conditions in the term.
The from statement is optional, but if included in a term, the from statement cannot be empty. If you omit the from statement, all packets are considered to match.

6. In each firewall filter term, specify the actions to take if the packet matches all the conditions in that term.
You can specify an action and/or action modifiers:
To specify a filter action, for example, to discard packets that match the conditions of the filter term:
[edit firewall family ethernet-switching filter ingress-port-filter term term-one]
user@switch# set then discard
You can specify no more than one action (accept, discard, or routing-instance) per filter term.
To specify action modifiers, for example, to count and classify packets in a forwarding class:
[edit firewall family ethernet-switching filter ingress-port-filter term term-one]
user@switch# set then count counter-one
user@switch# set then forwarding-class expedited-forwarding

Chapter 102: Configuring Firewall Filters
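The following Python script is an added example, not part of the Juniper manual. It checks a change script of set commands against the rules stated in this section before anything is committed: the per-platform term limit, the one-action-per-term rule, and terms that have no from statement and therefore match all packets. It assumes the commands are available offline as full-path text lines of the form `set firewall family ... filter ... term ... from|then ...`; the names `lint_filters`, `SAMPLE` and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict

# Limits and action names are the ones stated in this section.
MAX_TERMS = {"EX2200": 512, "EX3200": 2048, "EX4200": 2048, "EX8200": 32768}
ACTIONS = {"accept", "discard", "routing-instance"}
# Assumption of this example: input is full-path "set" lines, one per line.
SET_RE = re.compile(
    r"set firewall family (\S+) filter (\S+) term (\S+) (from|then) (\S+)")

def lint_filters(set_lines, platform):
    """Return sorted (filter, term, finding) tuples for a list of set commands."""
    terms = defaultdict(lambda: {"from": [], "then": []})
    for line in set_lines:
        m = SET_RE.match(line.strip())
        if m:
            _family, filt, term, clause, keyword = m.groups()
            terms[(filt, term)][clause].append(keyword)
    findings = []
    per_filter = defaultdict(int)
    for (filt, term), clauses in terms.items():
        per_filter[filt] += 1
        actions = [k for k in clauses["then"] if k in ACTIONS]
        if len(actions) > 1:
            findings.append((filt, term, "more than one action: " + ", ".join(actions)))
        if not clauses["from"]:
            findings.append((filt, term, "no from statement: matches all packets"))
    for filt, count in per_filter.items():
        if count > MAX_TERMS[platform]:
            findings.append((filt, "*", f"{count} terms exceeds {platform} limit"))
    return sorted(findings)

# Constructed sample input, reusing the filter and term names from the steps above.
SAMPLE = """
set firewall family ethernet-switching filter ingress-port-filter term term-one from source-address 192.0.2.14
set firewall family ethernet-switching filter ingress-port-filter term term-one from source-port 80
set firewall family ethernet-switching filter ingress-port-filter term term-one then discard
set firewall family ethernet-switching filter ingress-port-filter term term-one then count counter-one
set firewall family ethernet-switching filter ingress-port-filter term term-two then accept
set firewall family ethernet-switching filter ingress-port-filter term term-two then discard
""".splitlines()

if __name__ == "__main__":
    for finding in lint_filters(SAMPLE, "EX4200"):
        print(*finding, sep=": ")
```

In the sample, term-one passes because count is an action modifier, while term-two is reported twice: it names two actions and, having no from statement, would apply to every packet.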
