Junos CLI Reference

term (Firewall Filter)

20-Nov-23

Syntax

term term-name {
    from {
        match-conditions;
        vxlan {
            vni vni-id
                flags value mask-in-hex value
                reserved1 value
                reserved2 value
        }
        ip-version ipv4 {
            match-conditions-mpls-ipv4-address;
            protocol (tcp | udp) {
                match-conditions-mpls-ipv4-port;
            }
        }
    }
    then {
        actions;
    }
}

Hierarchy Level

[edit dynamic-profiles profile-name firewall family family-name filter filter-name],
[edit firewall family family-name filter filter-name],
[edit firewall family family-name service-filter filter-name],
[edit firewall family family-name simple-filter filter-name],
[edit logical-systems logical-system-name firewall family family-name filter filter-name],
[edit logical-systems logical-system-name firewall family family-name service-filter filter-name],
[edit logical-systems logical-system-name firewall family family-name simple-filter filter-name]

Description

Define a firewall filter term.

Options

actions—(Optional) Actions to perform on the packet if conditions match. You can specify one terminating action supported for the specified filter type. If you do not specify a terminating action, the packets that match the conditions in the from statement are accepted by default. As an option, you can specify one or more nonterminating actions supported for the specified filter type.

filter-name—(Optional) For family family-name filter filter-name only, reference another standard stateless firewall filter from within this term.

from—(Optional) Match packet fields to values. If not included, all packets are considered to match and the actions and action modifiers in the then statement are taken.

match-conditions—One or more conditions to use to make a match on a packet.

match-conditions-mpls-ipv4-address—(MPLS-tagged IPv4 traffic only) One or more IP address match conditions to match on the IPv4 packet header. Supports network-based service in a core network with IPv4 packets as an inner payload of an MPLS packet with labels stacked up to five deep.

match-conditions-mpls-ipv4-port—(MPLS-tagged IPv4 traffic only) One or more UDP or TCP port match conditions to use to match a packet in an MPLS flow. Supports network-based service in a core network with IPv4 packets as an inner payload of an MPLS packet with labels stacked up to five deep.

vxlan—(Optional) Match packets belonging to a particular VXLAN Network Identifier (VNI).

term-name—Name that identifies the term. The name can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose it in quotation marks (“ ”).

then—(Optional) Actions to take on matching packets. If not included and a packet matches all the conditions in the from statement, the packet is accepted.
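
The default-accept behavior described for actions and then, and the match-all behavior of a term with no from statement, can be checked mechanically during a filter review. The following Python script is an added example, not part of the Juniper documentation: the sample filter, its term names, and the function names are constructed for illustration, and the TERMINATING set is an assumed subset of the terminating actions.

```python
import re

# Terminating actions recognised here (assumption: a common subset; extend per filter type).
TERMINATING = {"accept", "discard", "reject"}

# Constructed sample configuration, not taken from the page.
SAMPLE = """
firewall { family inet { filter protect-re {
    term allow-ssh { from { protocol tcp; destination-port ssh; } then accept; }
    term count-icmp { from { protocol icmp; } then count icmp-seen; }
    term no-then { from { protocol udp; } }
    term deny-rest { then { log; discard; } }
} } }
"""

def parse(tokens):
    """Consume tokens up to the matching '}' and return [(words, children or None), ...]."""
    nodes, words = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok == ";":          # leaf statement, e.g. "then accept;"
            nodes.append((words, None))
            words = []
        elif tok == "{":        # statement with a nested block
            nodes.append((words, parse(tokens)))
            words = []
        else:
            words.append(tok)
    return nodes

def audit(config):
    """Return (term-name, issue) pairs for terms that accept by default or match everything."""
    findings = []
    def walk(nodes):
        for words, kids in nodes:
            if words[:1] == ["term"] and kids is not None:
                stmts = {w[0]: (w[1:], k) for w, k in kids if w}
                inline, block = stmts.get("then", ([], None))
                actions = {inline[0]} if inline else {w[0] for w, _ in block or [] if w}
                # "next term" hands the packet on, so it is not an implicit accept.
                if not actions & (TERMINATING | {"next"}):
                    findings.append((words[1], "implicit-accept"))
                if "from" not in stmts:
                    findings.append((words[1], "matches-all-packets"))
            elif kids:
                walk(kids)
    walk(parse(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', config)))
    return findings
```

A term with no from statement is often an intentional final catch-all; the finding exists so that each such term is reviewed rather than assumed.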

The Firewall Filter Match Conditions for the different protocols are explained separately.

Required Privilege Level

firewall—To view this statement in the configuration.

firewall-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

filter option introduced in Junos OS Release 7.6.

Logical systems support introduced in Junos OS Release 9.3.

ip-version ipv4 support introduced in Junos OS Release 10.1.
