Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

show firewall

Syntax

show firewall<counter counter-name><filter filter-name><log <detail | interface interface-name>><terse>

Release Information

Command introduced in Junos OS Release 11.1 for the QFX Series.

Description

Display statistics about configured firewall filters.

Options

counter counter-name

(Optional) Display statistics about a particular firewall filter counter.

filter filter-name

(Optional) Display statistics about a particular firewall filter.

log

(Optional) Display log entries for all firewall filter activity.

terse

(Optional) Display firewall filter names only.

Required Privilege Level

view

 

Related Documentation

 

List of Sample Output

show firewall
show firewall filter filter-name
show firewall counter counter-name
show firewall log
show firewall log detail

Output Fields

Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.

Table 1: show firewall Output Fields

Field Name

Field Description

Level of Output

Filter

Name of the filter that is configured at the [edit firewall family family-name filter] hierarchy level.

All levels

Counters

Display filter counter information:

  • Name—Name of a filter counter that has been configured with the count firewall filter action modifier.
  • Bytes—Number of bytes that match the filter term where the count action modifier was specified.
  • Packets—Number of packets that matched the filter term where the count action modifier was specified.

All levels

Policers

Display policer information:

  • Name—Name of the policer that is configured at the [edit firewall policer] hierarchy level.
  • Packets—Number of packets that matched the filter term where the policer action modifier was specified. This is the number of packets that exceeded the rate limits that the policer specifies.

All levels

Action

Filter action:

  • A—Accept
  • D—Discard

All levels

Interface

Interface on which the firewall filter is applied.

All levels

Protocol

Name of the packet protocol.

All levels

Packet Length

Length of the packet.

All levels

Src Addr

Source address of the packet.

All levels

Dest Addr

Destination address of the packet.

All levels

Sample Output

show firewall

user@switch> show firewall
Filter: egress-vlan-watch-employee
Counters:
Name                                                Bytes              Packets
counter-employee-web                                    0                    0
Filter: ingress-port-limit-tcp-icmp
Counters:
Name                                                Bytes              Packets
icmp-counter                                            560                 10
Policers:
Name                                              Packets
icmp-connection-policer                                 10
tcp-connection-policer                                  0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest

show firewall filter filter-name


user@switch> show firewall filter ingress-port-limit-tcp-icmp
Filter: ingress-port-limit-tcp-icmp
Counters:
Name                                                Bytes              Packets
icmp-counter                                          560                 10
Policers:
Name                                              Packets
icmp-connection-policer                                10
tcp-connection-policer                                  0

show firewall counter counter-name

user@switch> show firewall counter icmp-counter
Filter: ingress-port-voip-class-filter
Counters:
Name                                                Bytes              Packets
icmp-counter                                          560                 10

show firewall log

user@switch> show firewall log
Log :

Time      Filter    Action Interface     Protocol        Src Addr                         Dest Addr
08:00:53  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5	                    192.168.3.4
08:00:52  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
08:00:51  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
08:00:50  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
08:00:49  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
08:00:48  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4
08:00:47  pfe       R      ge-1/0/6.0    ICMP            192.168.3.5                     192.168.3.4

show firewall log detail

user@switch> show firewall log detail
Log :

Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of 
interface: fxp0.0Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513

Published: 2014-07-23

Previous Page Next Page