Firewall Filter Configuration Statements Supported by JUNOS Software for EX-series Switches

You configure firewall filters to filter packets based on their components and to perform an action on packets that match the filter.

Table 1 lists the options that are supported for the firewall statement in JUNOS Software for EX-series switches.

Table 1: Supported Options for Firewall Filter Statements

Statement and Option

Description

family family-name {
}

The family-name option specifies the version or type of addressing protocol:

  • bridge or ethernet-switching: Filter Layer 2 (Ethernet) packets and Layer 3 (IP) packets
  • inet: Filter IPv4 packets

filter filter-name {
}

The filter-name option identifies the filter. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the name in quotation marks (" ").

term term-name {
}

The term-name option identifies the term. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the entire name in quotation marks (" "). Each term name must be unique within a filter.

from {
match-conditions;
}

The from statement is optional. If you omit it, all packets are considered to match.

then {
action;
action-modifiers;
}

For information about the action and action-modifiers options, see Firewall Filter Match Conditions and Actions for EX-series Switches.

policer policer-name {
}

The policer-name option identifies the policer. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the name in quotation marks (" ").

if-exceeding {
bandwidth-limit bps;
burst-size-limit bytes;
}

The bandwidth-limit bps option specifies the traffic rate in bits per second (bps).

You can specify bps as a decimal value or as a decimal number followed by one of the following abbreviations:

  • k (thousand)
  • m (million)
  • g (billion, which is also called a thousand million)

Range: 1000 (1k) through 102,300,000,000 (102.3g) bps

The burst-size-limit bytes option specifies the maximum allowed burst size to control the amount of traffic bursting. To determine the value for the burst-size limit, you can multiply the bandwidth of the interface on which the filter is applied by the amount of time to allow a burst of traffic at that bandwidth to occur:

burst size = bandwidth * allowable time for burst traffic

You can specify a decimal value or a decimal number followed by k (thousand) or m (million).

Range: 1 through 2,147,450,880 bytes

then {
policer-action;
}

Use the policer-action option to specify discard to discard traffic that exceeds the rate limits.
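The following Python sketch is an added example, not Juniper code: it checks policer values against the name rule and ranges listed in Table 1 before a configuration is pushed, and applies the burst-size formula. The function names are hypothetical, and the division by 8 is an assumed unit conversion (bandwidth is in bits per second, burst-size-limit is in bytes) that the formula above leaves implicit.

```python
import re
from decimal import Decimal

# Limits and suffixes as documented in Table 1 above.
MULTIPLIER = {"": 1, "k": 10**3, "m": 10**6, "g": 10**9}
BPS_RANGE = (1000, 102_300_000_000)          # bandwidth-limit, bits per second
BURST_RANGE = (1, 2_147_450_880)             # burst-size-limit, bytes
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # unquoted names only (assumption)


def parse_value(text, suffixes):
    """Turn '10m' or '102.3g' into an integer using decimal multipliers."""
    match = re.fullmatch(rf"(\d+(?:\.\d+)?)([{suffixes}]?)", text.strip())
    if not match:
        raise ValueError(f"unrecognized value {text!r}")
    value = Decimal(match.group(1)) * MULTIPLIER[match.group(2)]
    if value != value.to_integral_value():
        raise ValueError(f"{text!r} is not a whole number")
    return int(value)


def burst_size_bytes(interface_bps, burst_seconds):
    """bandwidth * allowable burst time, then bits -> bytes (divide by 8)."""
    return int(Decimal(interface_bps) * Decimal(str(burst_seconds)) / 8)


def check_policer(name, bandwidth_limit, burst_size_limit):
    """Return a list of problems; an empty list means the values are in range."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append(f"name {name!r}: letters, numbers, hyphens, max 64 chars")
    for label, text, suffixes, (low, high) in (
        ("bandwidth-limit", bandwidth_limit, "kmg", BPS_RANGE),
        ("burst-size-limit", burst_size_limit, "km", BURST_RANGE),
    ):
        try:
            value = parse_value(text, suffixes)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if not low <= value <= high:
            problems.append(f"{label}: {value} is outside {low}..{high}")
    return problems


if __name__ == "__main__":
    # Constructed sample: allow 5 ms of burst on a 1 Gbps interface.
    burst = burst_size_bytes(parse_value("1g", "kmg"), 0.005)
    print("burst-size-limit:", burst, "bytes")
    print(check_policer("limit-icmp", "1m", str(burst)))
    print(check_policer("bad name", "500", "3g"))
```
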

JUNOS Software for EX-series switches does not support some of the firewall filter statements that are supported by other JUNOS Software packages. Table 2 shows the firewall filter statements that are not supported by JUNOS Software for EX-series switches.

Table 2: Firewall Filter Statements That Are Not Supported by JUNOS Software for EX-series Switches

Statements not supported at the [edit firewall] hierarchy level:

    • interface-set interface-set-name {
      }
    • load-balance-group group-name {
      }
    • three-color-policer name {
      }
    • logical-interface-policer;
    • single-rate {
      }
    • two-rate {
      }

Statements not supported at the [edit firewall family family-name] hierarchy level:

    • prefix-action name {
      }
    • prefix-policer {
      }
    • service-filter filter-name {
      }
    • simple-filter simple-filter-name {
      }

Statements not supported at the [edit firewall family family-name filter filter-name] hierarchy level:

    • accounting-profile name;
    • interface-specific;

Statements not supported at the [edit firewall policer policer-name] hierarchy level:

    • filter-specific;
    • logical-bandwidth-policer;
    • logical-interface-policer;

Statements not supported at the [edit firewall policer policer-name if-exceeding] hierarchy level:

    • bandwidth-percent number;