Configuring Terms for Fast Update Filters
A fast update filter consists of one or more terms. A term is made up of one or more match conditions and the action to take when a packet matches the specified conditions.
To configure a term for a fast update filter:
- Access the fast update filter.
[edit dynamic-profiles myProfile] user@host# edit firewall family inet fast-update-filter httpFilter
- Create the new term and assign a name to the term.
[edit dynamic-profiles myProfile firewall family inet fast-update-filter httpFilter] user@host# set term term1
- Configure the match condition for the term. See Fast Update Filter Match Conditions for
the supported match conditions for fast update filters.
[edit dynamic-profiles myProfile firewall family inet fast-update-filter httpFilter] user@host# set from protocol tcp user@host# set from source-address $junos-subscriber-ip-address user@host# set from destination-port http
- Configure the action that the router takes when the match
conditions are met. See Fast Update Filter Actions and Action Modifiers for the supported actions
for fast update filters.
[edit dynamic-profiles myProfile firewall family inet fast-update-filter httpFilter] user@host# set then accept
- (Optional) Configure the action modifiers that you want
the router to take when the match conditions are met. See Fast Update Filter Actions and Action Modifiers for the supported action-modifiers for fast update filters.
[edit dynamic-profiles myProfile firewall family inet fast-update-filter httpFilter] user@host# set then count http-cnt
- (Optional) Configure the term to be added only once, when
the fast update filter is first created.
[edit dynamic-profiles myProfile firewall family inet fast-update-filter httpFilter] user@host# set only-at-create