Policy Framework Configuration Guide - Juniper Networks

Junos 10.4 Policy Framework Configuration Guide
Table 26: IPv6 Firewall Filter Match Conditions (continued)
Match Condition
Description
interface-set
interface-set-name
(MX Series routers and routers with Enhanced IQ2 [IQ2E] PICs only) Interface set on which the packet
was received. An interface set is a set of logical interfaces used to configure hierarchical class-of-service
schedulers. For information about configuring an interface set, see the Junos Class of Service
Configuration Guide and the Junos Network Interfaces Configuration Guide.
loss-priority level
Packet loss priority (PLP) level. Specify a single level or multiple levels: low, medium-low, medium-high,
or high.
Supported on MX Series routers; M120 and M320 routers; and M7i and M10i routers with the Enhanced
CFEB (CFEB-E).
On M320 routers, you must enable the tricolor statement at the [edit class-of-service] hierarchy level
to commit a PLP configuration with any of the four levels specified. If the tricolor statement is not
referenced, you can only configure the high and low levels. This applies to all protocol families.
For information about using behavior aggregate (BA) classifiers to set the PLP level of incoming packets,
see the Junos Class of Service Configuration Guide.
loss-priority-except
level
Do not match on the packet loss priority level. Specify a single level or multiple levels: low, medium-low,
medium-high, or high.
For information about using behavior aggregate (BA) classifiers to set the PLP level of incoming packets,
see the Junos Class of Service Configuration Guide.
next-header bytes
8-bit IP protocol field that identifies the type of header immediately following the IPv6 header. In place
of the numeric value, you can specify one of the following text synonyms (the field values are also
listed): ah (51), dstops (60), egp (8), esp (50), fragment (44), gre (47), hop-by-hop (0), icmp (1), icmpv6
(1), igmp (2), ipip (4), ipv6 (41), no-next-header (59), ospf (89), pim (103), routing (43), rsvp (46),
sctp (132), tcp (6), udp (17), or vrrp (112).
packet-length bytes
Length of the received packet, in bytes. The length refers only to the IP packet, including the packet
header, and does not include any Layer 2 encapsulation overhead.
port number
TCP or UDP source or destination port field. You cannot specify both the port match and either the
destination-port or source-port match conditions in the same term.
Typically, you specify this match in conjunction with the protocol match statement to determine which
protocol is being used on the port. For more information, see “Overview of Protocol Match Conditions”
on page 217.
In place of the numeric value, you can specify one of the text synonyms listed under destination-port.
prefix-list name
Source or destination prefixes in the specified list name. Specify the name of a list defined at the [edit
routing-options prefix-list prefix-list-name] hierarchy level.
service-filter-hit
This condition matches if the packet is received from a filter where a service-filter-hit action was
applied.
source-address
address
Address of the source node sending the packet; 128 bits in length. The filter description syntax supports
the text representations for IPv6 addresses as described in RFC 2373. For more information about IPv6
address syntax, see the Junos OS Routing Protocols Configuration Guide.
204
Copyright © 2010, Juniper Networks, Inc.