TechLibrary

Navigation

Supported Platforms

Standard stateless firewall filters support different sets of terminating actions for each protocol family.

Note: ACX Series routers do not support the next term action.

Table 1 describes the terminating actions you can specify in a standard firewall filter term.

Table 1: Terminating Actions for Standard Firewall Filters on ACX Series Routers

Terminating Action	Description	Protocols
accept	Accept the packet.	family any family inet family mpls family ccc
discard	Discard a packet silently, without sending an Internet Control Message Protocol (ICMP) message. Discarded packets are available for logging and sampling.	family any family inet family mpls family ccc
reject message-type	Reject the packet and return an ICMPv4 or ICMPv6 message: If no message type is specified, a destination-unreachable message is returned by default. If tcp-reset is specified as the message type, tcp-reset is returned only if the packet is a TCP packet. Otherwise, the administratively-prohibited message, which has a value of 13, is returned. If any other message type is specified, that message is returned. Rejected packets can be sampled or logged if you configure the sample or syslog action. This action is supported on ingress only. The message-type option can have one of the following values: address-unreachable, administratively-prohibited, bad-host-tos, bad-network-tos, beyond-scope, fragmentation-needed, host-prohibited, host-unknown, host-unreachable, network-prohibited, network-unknown, network-unreachable, no-route, port-unreachable, precedence-cutoff, precedence-violation, protocol-unreachable, source-host-isolated, source-route-failed, or tcp-reset.	family inet
routing-instance routing-instance-name	Direct the packet to the specified routing instance.	family inet