adf (Dynamic Firewalls)
Syntax
adf { counter; input-precedence precedence; not-mandatory; output-precedence precedence; rule rule-value; }
Hierarchy Level
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family filter]
Description
Configure an Ascend-Data-Filter that the dynamic profile applies to a subscriber session.
Options
counter
—Enable a counter that
increments each time the Ascend-Data-Filter rule is used. Typically
used for testing purposes.
not-mandatory
—Suppress router from reporting
an error when the RADIUS reply message does not include the $junos-adf-rule-v4
or $junos-adf-rule-v6 variable that is configured for the Ascend-Data-Filter
in the dynamic profile. In this circumstance, the Ascend-Data-Filter
is not created.
precedence
—Precedence
value that sets the order in which dynamic service filters are applied
on the interface. The lower the precedence value, the higher the precedence
that is given. The precedence setting is used in conjunction with
the precedence settings of all dynamic service filters configured
(not only Ascend-Data-Filters) on the same interface to establish
the order. For example, the order also includes any configured input filter-name precedence precedence
and output filter-name precedence precedence
statements.
Range: 0 through 255
Default: 0
rule-value
—Ascend-Data-Filter
rule. You can specify either a Junos predefined variable that maps
the Ascend-Data-Filter actions to Junos filter functionality or you
can manually configure the Ascend-Data-Filter rule. The router supports
two predefined variables depending on family type: $junos-adf-rule-v4
for family inet
and $junos-adf-rule-v6
for
family inet6
.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.4.
Option not-mandatory
introduced in Junos OS Release
12.2.