flow (Security Flow)

Syntax

flow {
    aging {
        early-ageout seconds;
        high-watermark percent;
        low-watermark percent;
    }
    allow-dns-reply;
    bridge {
        block-non-ip-all;
        bpdu-vlan-flooding;
        bypass-non-ip-unicast;
        no-packet-flooding {
            no-trace-route;
        }
    }
    force-ip-reassembly;
    ipsec-performance-acceleration;
    load distribution {
        session-affinity ipsec;
    }
    pending-sess-queue-length (high | moderate | normal);
    route-change-timeout seconds;
    syn-flood-protection-mode (syn-cookie | syn-proxy);
    tcp-mss {
        all-tcp mss value;
        gre-in {
            mss value;
        }
        gre-out {
            mss value;
        }
        ipsec-vpn {
            mss value;
        }
    }
    tcp-session {
        fin-invalidate-session;
        no-sequence-check;
        no-syn-check;
        no-syn-check-in-tunnel;
        rst-invalidate-session;
        rst-sequence-check;
        strict-syn-check;
        tcp-initial-timeout seconds;
        time-wait-state {
            (session-ageout | session-timeout seconds);
        }
    }
    traceoptions {
        file {
            filename;
            files number;
            match regular-expression;
            size maximum-file-size;
            (world-readable | no-world-readable);
        }
        flag flag;
        no-remote-trace;
        packet-filter filter-name {
            destination-port port-identifier;
            destination-prefix address;
            interface interface-name;
            protocol protocol-identifier;
            source-port port-identifier;
            source-prefix address;
        }
        rate-limit messages-per-second;
    }
}

Hierarchy Level

[edit security]

Release Information

Statement modified in Release 9.5 of Junos OS.

Description

Determine how the device manages packet flow. The device can regulate packet flow in the following ways:

  • Enable or disable DNS replies when there is no matching DNS request.
  • Set the initial session-timeout values.
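For configuration review, the following added example (not part of the Juniper documentation) parses a curly-brace configuration and reports which check-relaxing statements under [edit security flow] are in effect, skipping anything marked `inactive:`. The `RELAXING` table, the function names and the sample configuration are assumptions made for this example.

```python
import re

# Statements from the flow syntax that switch a check off when present (this example's selection).
RELAXING = {
    ("allow-dns-reply",): "DNS replies pass without a matching DNS request",
    ("tcp-session", "no-syn-check"): "SYN bit not checked before session creation",
    ("tcp-session", "no-syn-check-in-tunnel"): "SYN bit not checked for tunneled traffic",
    ("tcp-session", "no-sequence-check"): "TCP sequence numbers not checked",
}

# Constructed sample in curly-brace form; not taken from a real device.
SAMPLE = """
security {
    flow {
        allow-dns-reply;
        syn-flood-protection-mode syn-cookie;
        tcp-session {
            no-syn-check;
            inactive: no-sequence-check;
        }
    }
}
"""

def flow_statements(config_text):
    """Return (path, args) for each active leaf under [edit security flow]."""
    # Assumes no '#', braces or semicolons inside quoted strings.
    text = re.sub(r"/\*.*?\*/|#[^\n]*", "", config_text, flags=re.S)
    stack, leaves = [], []
    for words, delim in re.findall(r"([^{};]*)([{};])", text):
        words = words.split()
        if delim == "}":
            stack = stack[:-1]
            continue
        inactive = bool(words) and words[0] == "inactive:"
        if inactive:
            words = words[1:]
        if delim == "{":
            stack.append((" ".join(words), inactive))
        elif words and not inactive and not any(off for _, off in stack):
            names = [name for name, _ in stack]
            if names[:2] == ["security", "flow"]:
                leaves.append((tuple(names[2:]) + (words[0],), words[1:]))
    return leaves

def audit(config_text):
    """List (statement path, reason) for every relaxing statement in effect."""
    return [("/".join(path), RELAXING[path])
            for path, _ in flow_statements(config_text) if path in RELAXING]
```

Calling `audit(SAMPLE)` reports `allow-dns-reply` and `tcp-session/no-syn-check`; the deactivated `no-sequence-check` is not reported.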

Options

The remaining statements are explained separately.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Published: 2015-02-25