Related Documentation
- ACX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- J, M, MX, PTX, SRX, T Series
- Standard Firewall Filter Nonterminating Actions
Standard Firewall Filter Terminating Actions
Standard stateless firewall filters support different sets of terminating actions for each protocol family.
 | Note: You cannot configure the next term action with a terminating action in the same filter term. However, you can configure the next term action with another nonterminating action in the same filter term. |
Table 1 describes the terminating actions you can specify in a standard firewall filter term.
Table 1: Terminating Actions for Standard Firewall Filters
Terminating Action | Description | Protocols |
|---|---|---|
accept | Accept the packet. |
|
discard | Discard a packet silently, without sending an Internet Control Message Protocol (ICMP) message. Discarded packets are available for logging and sampling. |
|
logical-system logical-system-name | Direct the packet to the specified logical system. Note: This action is not supported on PTX series packet transport switches. |
|
reject message-type | Reject the packet and return an ICMPv4 or ICMPv6 message:
Note: Rejected packets can be sampled or logged if you configure the sample or syslog action. The message-type can be one of the following values: address-unreachable, administratively-prohibited, bad-host-tos, bad-network-tos, beyond-scope, fragmentation-needed, host-prohibited, host-unknown, host-unreachable, network-prohibited, network-unknown, network-unreachable, no-route, port-unreachable, precedence-cutoff, precedence-violation, protocol-unreachable, source-host-isolated, source-route-failed, or tcp-reset. |
|
routing-instance routing-instance-name | Direct the packet to the specified routing instance. Note: This action is not supported on PTX series packet transport switches. |
|
topology topology-name | Direct the packet to the specified topology. Note: This action is not supported on PTX series packet transport switches. Each routing instance (master or virtual-router) supports one default topology to which all forwarding classes are forwarded. For Multitopology Routing, you can configure a firewall filter on the ingress interface to match a specific forwarding class, such as expedited forwarding, with a specific topology. The traffic that matches the specified forwarding class is then added to the routing table for that topology. |
|
Related Documentation
- ACX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- J, M, MX, PTX, SRX, T Series
- Standard Firewall Filter Nonterminating Actions
Published: 2013-02-21
Related Documentation
- ACX, J, M, MX, PTX, SRX, T Series
- Guidelines for Configuring Standard Firewall Filters
- J, M, MX, PTX, SRX, T Series
- Standard Firewall Filter Nonterminating Actions
