Supported Platforms
Related Documentation
- ACX, EX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- M, MX, PTX, T Series
- Interface-Specific Firewall Filter Instances Overview
Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview
On ACX Series Universal Access Routers, you can configure firewall filters to filter packets and to perform an action on packets that match the filter. The match conditions specified to filter the packets are specific to the type of traffic being filtered.
 | Note: On ACX Series routers, the filter for the exiting traffic (egress filter) can be applied only for interface-specific instances of the firewall filter. |
Table 1 describes the types of traffic for which you can configure standard stateless firewall filters.
Table 1: Standard Firewall Filter Match Conditions by Protocol Family for ACX Series Routers
Traffic Type | Hierarchy Level at Which Match Conditions Are Specified |
|---|---|
Protocol-independent | [edit firewall family any filter filter-name term term-name] No match conditions are supported for this traffic type on ACX Series routers. |
IPv4 | [edit firewall family inet filter filter-name term term-name For the complete list of match conditions, see Standard Firewall Filter Match Conditions for IPv4 Traffic on ACX Series Routers. |
MPLS | [edit firewall family mpls filter filter-name term term-name] For the complete list of match conditions, see Standard Firewall Filter Match Conditions for MPLS Traffic on ACX Series Routers. |
Layer 2 CCC | [edit firewall family ccc filter filter-name term term-name] No match conditions are supported for this traffic type on ACX Series routers. |
Under the then statement for a standard stateless firewall filter term, you can specify the actions to be taken on a packet that matches the term.
Table 2 summarizes the types of actions you can specify in a standard stateless firewall filter term.
Table 2: Standard Firewall Filter Action Categories for ACX Series Routers
Type of Action | Description | Comment |
|---|---|---|
Terminating | Halts all evaluation of a firewall filter for a specific packet. The router performs the specified action, and no additional terms are used to examine the packet. You can specify only one terminating action in a standard firewall filter. You can, however, specify one terminating action with one or more nonterminating actions in a single term. For example, within a term, you can specify accept with count and syslog. | See Standard Firewall Filter Terminating Actions on ACX Series Routers. |
Nonterminating | Performs other functions on a packet (such as incriminating a counter, logging information about the packet header, sampling the packet data, or sending information to a remote host using the system log functionality), but any additional terms are used to examine the packet. | See Standard Firewall Filter Nonterminating Actions on ACX Series Routers. |
Related Documentation
- ACX, EX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- M, MX, PTX, T Series
- Interface-Specific Firewall Filter Instances Overview
Published: 2013-04-10
Supported Platforms
Related Documentation
- ACX, EX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- M, MX, PTX, T Series
- Interface-Specific Firewall Filter Instances Overview
