Table of Contents
Advertisement
Table 418: Actions for Firewall Filters (continued)
Action
discard
reject message-type
routing-instance
routing-instance-name
vlan vlan-name
Table 419: Action Modifiers for Firewall Filters
Action Modifier
analyzer analyzer-name
Copyright © 2010, Juniper Networks, Inc.
Description
Discard a packet silently without sending an Internet
Control Message Protocol (ICMP) message.
Discard a packet, and send an ICMPv4 message (type
3) "destination unreachable". You can log the rejected
packets if you configure the
syslog
You can specify one of the following message codes:
administratively-prohibited (default), bad-host-tos,
bad-network-tos, host-prohibited, host-unknown,
host-unreachable, network-prohibited,
network-unknown, network-unreachable,
port-unreachable, precedence-cutoff,
precedence-violation, protocol-unreachable,
source-host-isolated, source-route-failed,
If you specify
, a TCP reset is returned if the
tcp-reset
packet is a TCP packet. Otherwise nothing is returned.
If you do not specify a message type, the ICMP
notification "destination unreachable" is sent with the
default message "communication administratively
filtered".
NOTE:
is not a supported action for IPv6 traffic.
reject
Forward matched packets to a virtual routing instance.
Forward matched packets to a specific VLAN. Ensure
that you specify the VLAN name and not the VLAN
range because the
vlan
action does not support the
vlan-range option.
NOTE:
is not a supported action for IPv6 traffic.
vlan
In addition to the actions, you can specify action modifiers.
Description
Mirror port traffic to a specified destination port or VLAN
that is connected to a protocol analyzer application.
Mirroring copies all packets seen on one switch port to
a network monitoring connection on another switch
port. The analyzer name must be configured under
ethernet-switching-options analyzer]
Chapter 106: Firewall Filters—Overview
Supported Platforms and Direction
EX2200—ingress and egress
EX3200 and EX4200—ingress and
egress
EX4500—ingress and egress
EX8200—ingress and egress
EX2200—ingress and egress
EX3200 and EX4200—ingress only
action modifier.
EX4500—ingress only
EX8200—ingress only
or
tcp-reset
.
EX2200—ingress only
EX3200 and EX4200—ingress only
EX4500—ingress only
EX8200—ingress only
EX2200—not supported
EX3200 and EX4200—ingress and
egress
EX4500—ingress and egress
EX8200—ingress and egress
Supported Platforms and Direction
EX2200—ingress only
EX3200 and EX4200—ingress only
EX4500—ingress only
EX8200—ingress only
[edit
.
3251
Advertisement
Chapters
Table of Contents
Troubleshooting
