show firewall (QFX)
Syntax
show firewall <application (CFM | eswd | RMPS)>> <counter counter-name> <filter filter-name> <log <detail | interface interface-name>> <terse>
Description
Display statistics about configured firewall filters.
Options
| application (CFM | eswd | RMPS) | (Optional) Show firewall elements owned by the selected software component:
|
| counter counter-name | (Optional) Display statistics about a particular firewall filter counter. |
| filter filter-name | (Optional) Display statistics about a particular firewall filter. |
| log | (Optional) Display log entries for all firewall filter activity. |
| terse | (Optional) Display firewall filter names only. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for
the show firewall command. Output fields are listed in the approximate order in
which they appear.
Field Name |
Field Description |
Level of Output |
|---|---|---|
Filter |
Name of the filter that is configured at the |
All levels |
Counters |
Display filter counter information:
|
All levels |
Policers |
Display policer information:
|
All levels |
Action |
Filter action:
|
All levels |
Interface |
Interface on which the firewall filter is applied. |
All levels |
Protocol |
Name of the packet protocol. |
All levels |
Packet Length |
Length of the packet. |
All levels |
Src Addr |
Source address of the packet. |
All levels |
Dest Addr |
Destination address of the packet. |
All levels |
Sample Output
- show firewall
- show firewall filter filter-name
- show firewall counter counter-name
- show firewall log
- show firewall log detail
show firewall
user@switch> show firewall Filter: egress-vlan-watch-employee Counters: Name Bytes Packets counter-employee-web 0 0 Filter: ingress-port-limit-tcp-icmp Counters: Name Bytes Packets icmp-counter 560 10 Policers: Name Packets icmp-connection-policer 10 tcp-connection-policer 0 Filter: ingress-vlan-rogue-block Filter: ingress-vlan-limit-guest
show firewall filter filter-name
user@switch> show firewall filter ingress-port-limit-tcp-icmp Filter: ingress-port-limit-tcp-icmp Counters: Name Bytes Packets icmp-counter 560 10 Policers: Name Packets icmp-connection-policer 10 tcp-connection-policer 0
show firewall counter counter-name
user@switch> show firewall counter icmp-counter Filter: ingress-port-voip-class-filter Counters: Name Bytes Packets icmp-counter 560 10
show firewall log
user@switch> show firewall log Log : Time Filter Action Interface Protocol Src Addr Dest Addr 08:00:53 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:52 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:51 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:50 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:49 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:48 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4 08:00:47 pfe R ge-1/0/6.0 ICMP 192.168.3.5 192.168.3.4
show firewall log detail
user@switch> show firewall log detail Log : Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513 Time of Log: 2010-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0 Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, Destination address: 192.168.70.66:513
Release Information
Command introduced in Junos OS Release 11.1.