Example: Configuring Interface-Specific Firewall Counters and Filter Profiles
To collect and log count statistics collected by firewall filters on a per-interface basis, you must configure a filter profile and include the interface-specific statement at the [edit firewall filter filter-name] hierarchy level.
Configure the firewall filter accounting profile:
[edit accounting-options]file cust1_accounting {size 500k;}filter-profile cust1_profile {file cust1_accounting;interval 1;counters {r1;}}
Configure the interface-specific firewall counter:
[edit firewall]filter f3 {accounting-profile cust1_profile;interface-specific;term f3-term {then {count r1;accept;}}}
Apply the firewall filter to an interface:
[edit interfaces]xe-1/0/0 {unit 0 {family inet {filter {input f3;output f3;}address 20.20.20.30/24;}}}
The following example shows the contents of the cust1_accounting file in the /var/log folder that might result from the preceding configuration:
#FILE CREATED 995495212 2001-07-18-22:26:52 #hostname host #profile-layout cust1_profile,epoch-timestamp,interfaces,filter-name, counter-name,packet-count,byte-count cust1_profile,995495572,xe-1/0/0.0,f3-xe-1/0/0.0-i,r1-xe-1/0/0.0-i,5953,1008257 cust1_profile,995495602,xe-1/0/0.0,f3-xe-1/0/0.0-o,r1-xe-1/0/0.0-o,5929,1006481 ...
If the interface-specific statement is not included in the configuration, the following output might result:
#FILE CREATED 995495212 2001-07-18-22:26:52 #hostname host #profile-layout cust1_profile,epoch-timestamp,interfaces,filter-name, counter-name,packet-count,byte-count cust1_profile,995495572,xe-1/0/0.0,f3,r1,5953,1008257 cust1_profile,995495632,xe-1/0/0.0,f3,r1,5929,1006481