firewall (Dynamic Firewalls)
Syntax
firewall {
family family {
fast-update-filter filter-name {
interface-specific;
match-order [match-order];
term term-name {
from {
match-conditions;
}
then {
action;
action-modifiers;
}
only-at-create;
}
}
filter filter-name {
enhanced-mode-override;
instance-shared;
interface-shared;
interface-specific;
term term-name {
from {
match-conditions;
}
then {
action;
action-modifiers;
}
}
}
hierarchical-policer uid {
aggregate {
if-exceeding {
bandwidth-limit-limit bps;
burst-size-limit bytes;
}
then {
policer-action;
}
}
premium {
if-exceeding {
bandwidth-limit bps;
burst-size-limit bytes;
}
then {
policer-action;
}
}
}
policer uid {
filter-specific;
if-exceeding {
(bandwidth-limit bps | bandwidth-percent percentage);
burst-size-limit bytes;
}
logical-bandwidth-policer;
logical-interface-policer;
physical-interface-policer;
then {
policer-action;
}
}
three-color-policer uid {
action {
loss-priority high then discard;
}
logical-interface-policer;
single-rate {
(color-aware | color-blind);
committed-burst-size bytes;
committed-information-rate bps;
excess-burst-size bytes;
}
two-rate {
(color-aware | color-blind);
committed-burst-size bytes;
committed-information-rate bps;
peak-burst-size bytes;
peak-information-rate bps;
}
}
}
Hierarchy Level
[edit dynamic-profiles profile-name]
Description
Configure firewall filters and policers in a dynamic client profile or a dynamic service profile.
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.6.