Supported Platforms
Related Documentation
- ACX, EX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- ACX, EX Series
- Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview
- Standard Firewall Filter Terminating Actions on ACX Series Routers
Standard Firewall Filter Nonterminating Actions on ACX Series Routers
Standard stateless firewall filters support different sets of nonterminating actions for each protocol family.
 | Note: ACX Series routers do not support the next term action. |
Table 1 describes the nonterminating actions you can configure for a standard firewall filter term.
Table 1: Nonterminating Actions for Standard Firewall Filters on ACX Series Routers
Nonterminating Action | Description | Protocol Families |
|---|---|---|
count counter-name | Count the packet in the named counter. |
|
forwarding-class class-name | Classify the packet based on the specified forwarding class:
Note: This action is supported on ingress only. |
|
log | Log the packet header information in a buffer within the Packet Forwarding Engine. You can access this information by issuing the show firewall log command at the command-line interface (CLI). Note: This action is supported on ingress only. | family inet |
loss-priority (high | medium-high | low) | Set the packet loss priority (PLP) level. You cannot also configure the three-color-policer nonterminating action for the same firewall filter term. These two nonterminating actions are mutually exclusive. You must include the tri-color statement at the [edit class-of-service] hierarchy level to commit a PLP configuration with any of the four levels specified. If the tri-color statement is not enabled, you can configure only the high and low levels. This applies to all protocol families. For information about the tri-color statement and for information about using behavior aggregate (BA) classifiers to set the PLP level of incoming packets, see the Junos OS Class of Service Configuration Guide. Note: This action is supported on ingress only. |
|
policer policer-name | Name of policer to use to rate-limit traffic. |
|
port-mirror | Port-mirror the packet based on the specified family. Note: This action is supported on ingress only. | family inet |
syslog | Log the packet to the system log file. Note: This action is supported on ingress only. | family inet |
three-color-policer (single-rate | two-rate) policer-name | Police the packet using the specified single-rate or two-rate three-color policer. You cannot also configure the loss-priority action for the same firewall filter term. These two actions are mutually exclusive. |
|
Related Documentation
- ACX, EX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- ACX, EX Series
- Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview
- Standard Firewall Filter Terminating Actions on ACX Series Routers
Published: 2013-04-10
Supported Platforms
Related Documentation
- ACX, EX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- ACX, EX Series
- Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview
- Standard Firewall Filter Terminating Actions on ACX Series Routers
