show firewall

Syntax


                        
                           show firewall
                           <counter counter-name>
                           <filter filter-name>
                           log (detail | interface interface-name)
                           terse

Release Information

Command introduced in JUNOS Release 9.0 for EX Series switches.

Description

Display statistics about configured firewall filters.

Options

none — Display statistics about all configured firewall filters, counters, and policers.

counter counter-name — (Optional) Display statistics about a particular firewall filter counter.

filter filter-name — (Optional) Display statistics about a particular firewall filter.

log (detail | interface interface-name) — (Optional) Display detailed log entries of firewall activity or log information about a specific interface.

terse — (Optional) Display firewall filter names only.

Required Privilege Level

view

List of Sample Output

show firewall
show firewall (filter filter-name)
show firewall (counter counter-name)
show firewall log

Output Fields

Table 1 lists the output fields for the show firewall command. Output fields are listed in the approximate order in which they appear.

Table 1: show firewall Output Fields

Field Name	Field Description	Level of Output
Filter	Name of the filter that is configured with the filter statement at the [edit firewall] hierarchy level.	All levels
Counters	Display filter counter information: Name—Name of a filter counter that has been configured with the counter firewall filter action Bytes—Number of bytes that match the filter term where the counter action was specified. Packets—Number of packets that matched the filter term where the counter action was specified.	All levels
Policers	Display policer information: Name—Name of policer. Packets—Number of packets that matched the filter term where the policer action was specified. This is the number of packets that exceed the rate limits that the policer specifies.	All levels

Field Name

Field Description

Level of Output

Filter

Name of the filter that is configured with the filter statement at the [edit firewall] hierarchy level.

All levels

Counters

Display filter counter information:

Name—Name of a filter counter that has been configured with the counter firewall filter action
Bytes—Number of bytes that match the filter term where the counter action was specified.
Packets—Number of packets that matched the filter term where the counter action was specified.

All levels

Policers

Display policer information:

Name—Name of policer.
Packets—Number of packets that matched the filter term where the policer action was specified. This is the number of packets that exceed the rate limits that the policer specifies.

All levels

Sample Output

show firewall

user@host> show firewall

Filter: egress-vlan-filter
Counters:
Name                                                Bytes              Packets
employee-web-counter                                   0                    0
Filter: ingress-port-filter
Counters:
Name                                                Bytes              Packets
ingress-port-counter                                    0                    0
Filter: ingress-port-voip-class-filter
Counters:
Name                                                Bytes              Packets
icmp-counter                                            0                    0
Policers:
Name                                              Packets
icmp-connection-policer                                 0
tcp-connection-policer                                  0

show firewall (filter filter-name)

user@host> show firewall filter egress-vlan-filter

Filter: egress-vlan-filter
Counters:
Name                                                Bytes              Packets
employee-web-counter                                   0                    0

show firewall (counter counter-name)

user@host> show firewall counter icmp-counter

Filter: ingress-port-voip-class-filter
Counters:
Name                                                Bytes              Packets
icmp-counter                                            0                    0

show firewall log

user@host> show firewall log

Log :

Time      Filter    Action Interface     Protocol        Src Addr                         Dest Addr
08:00:53  pfe       R      ge-1/0/1.0    ICMP            192.168.3.5	                    192.168.3.4
08:00:52  pfe       R      ge-1/0/1.0    ICMP            192.168.3.5                     192.168.3.4
08:00:51  pfe       R      ge-1/0/1.0    ICMP            192.168.3.5                     192.168.3.4
08:00:50  pfe       R      ge-1/0/1.0    ICMP            192.168.3.5                     192.168.3.4
08:00:49  pfe       R      ge-1/0/1.0    ICMP            192.168.3.5                     192.168.3.4
08:00:48  pfe       R      ge-1/0/1.0    ICMP            192.168.3.5                     192.168.3.4
08:00:47  pfe       R      ge-1/0/1.0    ICMP            192.168.3.5                     192.168.3.4

show firewall

Syntax

Release Information

Description

Options

Required Privilege Level

List of Sample Output

Output Fields

Sample Output

Published: 2009-08-18