term (Firewall Filter)
Syntax
term term-name {
from {
match-conditions;
vxlan {
vni vni-id
flags value mask-in-hex value
reserved1 value
reserved2 value
}
ip-version ipv4 {
match-conditions-mpls-ipv4-address;
protocol (tcp | udp) {
match conditions-mpls-ipv4-port;
}
}
}
then {
actions;
}
}
Hierarchy Level
[edit dynamic-profiles profile-name firewall family family-name filter filter-name], [edit firewall family family-name filter filter-name], [edit firewall family family-name service-filter filter-name], [edit firewall family family-name simple-filter filter-name], [edit logical-systems logical-system-name firewall family family-name filter filter-name], [edit logical-systems logical-system-name firewall family family-name service-filter filter-name], [edit logical-systems logical-system-name firewall family family-name simple-filter filter-name]
Description
Define a firewall filter term.
Options
actions—(Optional)
Actions to perform on the packet if conditions match. You can specify
one terminating action supported for the
specified filter type. If you do not specify a terminating action,
the packets that match the conditions in the from statement
are accepted by default. As an option, you can specify one or more nonterminating actions supported for the specified filter
type.
filter-name—(Optional)
For family family-name filter filter-name only, reference another standard stateless
firewall filter from within this term.
from—(Optional) Match packet fields to values.
If not included, all packets are considered to match and the actions
and action modifiers in the then statement are taken.
match-conditions—One or
more conditions to use to make a match on a packet.
match-conditions-mpls-ipv4-address—(MPLS-tagged IPv4 traffic only) One or more IP address
match conditions to match on the IPv4 packet header. Supports network-based
service in a core network with IPv4 packets as an inner payload of
an MPLS packet with labels stacked up to five deep.
match-conditions-mpls-ipv4-port—(MPLS-tagged IPv4 traffic only) One or more UDP or TCP port
match conditions to use to match a packet in an MPLS flow. Supports
network-based service in a core network with IPv4 packets as an inner
payload of an MPLS packet with labels stacked up to five deep.
vxlan—(Optional) Match
packets belonging to a particular VXLAN Network Identifier (VNI).
term-name—Name that identifies
the term. The name can contain letters, numbers, and hyphens (-) and
can be up to 64 characters long. To include spaces in the name,
enclose it in quotation marks (“ ”).
then—(Optional) Actions to take on matching
packets. If not included and a packet matches all the conditions in
the from statement, the packet is accepted.
The Firewall Filer Match Conditions for the different protocols are explained separately:
Firewall Filter Match Conditions for MPLS-Tagged IPv4 or IPv6 Traffic
Firewall Filter Match Conditions for Protocol-Independent Traffic
Firewall Filter Match Conditions for Protocol-Independent Traffic in Dynamic Service Profiles
Firewall Filter Match Conditions Based on Numbers or Text Aliases
Firewall Filter Match Conditions for Layer 2 Bridging Traffic
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
filter option introduced in Junos OS Release 7.6.
Logical systems support introduced in Junos OS Release 9.3.
ip-version ipv4 support introduced in Junos OS
Release 10.1.