To configure stateless firewall filters, use the following statements at the [edit firewall] hierarchy level.
Shared JUNOS statements in the firewall hierarchy are shown in normal font and are documented in the JUNOS Policy Framework Configuration Guide.
- firewall {
-
- family
family-name {
-
- dialer-filter filter-name {
- accounting-profile [ profile
- name
s];
-
- term
term-name {
-
- from {
-
match-conditions
;
- }
-
- then {
-
action
-
action-modifiers
;
- policer
policer-name
;
- port-mirror;
- virtual-channel virtual-channel-name
;
- }
- }
- }
-
- filter
filter-name {
- accounting-profile [ profile
- name
s];
- interface-specific;
-
- term
term-name {
- filter
filter-name ;
-
- from {
-
match-conditions
;
- }
-
- then {
-
action ;
-
action-modifiers
;
- policer
policer-name
;
- port-mirror;
- virtual-channel virtual-channel-name
;
- }
- }
- }
-
- service-filter filter-name {
-
- term
term-name {
-
- from {
-
match-conditions
;
- }
-
- then {
-
action ;
-
action-modifiers
;
- }
- }
- }
-
- simple-filter filter-name {
- interface-specific;
-
- term
term-name {
-
- from {
-
match-conditions
;
- }
-
- then {
-
action ;
-
action-modifiers
;
- }
- }
- }
- }
-
-
filter filter-name {
- accounting-profile [ profile-names
];
- interface-specific;
-
- term term-name {
- filter
filter-name ;
-
- from {
-
match-conditions
;
- }
-
- then {
-
action ;
-
action-modifiers
;
- virtual-channel virtual-channel-name
;
- }
- }
- }
-
- interface-set interface-set-name {
- [
interface-names ];
- }
-
-
policer policer-name {
- filter-specific;
-
-
if-exceeding {
-
bandwidth-limit bps ;
- bandwidth-percent number ;
-
burst-size-limit bytes ;
- }
- logical-bandwidth-policer;
- logical-interface-policer;
-
-
then {
-
policer-action ;
- }
- }
-
- three-color-policer policer-name
{
-
- action {
-
- loss-priority high {
-
- then {
- discard;
- }
- }
- }
- logical-interface-policer;
-
- single-rate {
- (color-aware | color-blind);
- committed-burst-size bytes ;
- committed-information-rate bps ;
- excess-burst-size bytes ;
- }
-
- two-rate {
- (color-aware | color-blind);
- committed-information-rate bps ;
- committed-burst-size bytes ;
- peak-information-rate bps ;
- peak-burst-size bytes ;
- }
- }
- }