16.03.2014 Views

Policy Framework Configuration Guide - Juniper Networks


Chapter 9: Firewall Filter Configuration

Table 26: IPv6 Firewall Filter Match Conditions (continued)

Match Condition

Description

source-port number

TCP or UDP source port field. You cannot specify the port and source-port match conditions in the same term.

Normally, you specify this match in conjunction with the protocol match statement to determine which protocol is being used on the port. For more information, see “Overview of Protocol Match Conditions” on page 217.

In place of the numeric field, you can specify one of the text synonyms listed under destination-port.

source-prefix-list name

Source prefixes in the specified prefix list. Specify a prefix list name defined at the [edit policy-options prefix-list prefix-list-name] hierarchy level.

tcp-established

TCP packets other than the first packet of a connection. This is a synonym for "(ack | rst)".

This condition does not implicitly check that the protocol is TCP. To check this, specify the protocol tcp match condition.

tcp-flags flags

One or more of the following TCP flags:

• bit-name: fin, syn, rst, push, ack, urgent

You can string together multiple flags using logical operators.

• numerical value: 0x01 through 0x20

• text synonym: tcp-established, tcp-initial

Configuring the tcp-flags match condition requires that you configure the next-header tcp match condition.

tcp-initial

Initial packet of a TCP connection. Configuring the tcp-initial match condition also requires that you configure the next-header match condition.

traffic-class number

8-bit field that specifies the class-of-service (CoS) priority of the packet. The traffic-class field is used to specify a DiffServ code point (DSCP) value.

This field was previously used as the type-of-service (ToS) field in IPv4. However, the semantics of this field (for example, DSCP) are identical to those of IPv4.

You can specify a numeric value from 0 through 63. To specify the value in hexadecimal form, include 0x as a prefix. To specify the value in binary form, include b as a prefix.

In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed):

• RFC 3246, An Expedited Forwarding PHB (Per-Hop Behavior), defines one code point: ef (46).

• RFC 2597, Assured Forwarding PHB Group, defines 4 classes, with 3 drop precedences in each class, for a total of 12 code points:

  • af11 (10), af12 (12), af13 (14)

  • af21 (18), af22 (20), af23 (22)

  • af31 (26), af32 (28), af33 (30)

  • af41 (34), af42 (36), af43 (38)
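The tcp-flags, tcp-established and tcp-initial entries above can be checked against concrete flag bytes with the following added example, which is not part of the Juniper guide: a small Python model of how a flag expression is evaluated, and of why a term without a protocol check can match non-TCP traffic. The `&` and `!` operator spellings, the "(syn & !ack)" expansion of tcp-initial, the treatment of numeric values as masks, and the constructed packet dictionaries are assumptions of this sketch.

```python
import re

# Flag bits per the table (0x01 through 0x20); the tcp-initial expansion is assumed.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "push": 0x08, "ack": 0x10, "urgent": 0x20}
SYNONYMS = {"tcp-established": "(ack | rst)", "tcp-initial": "(syn & !ack)"}

def flags_match(expr, flags):
    """Evaluate a flag expression against one flags byte ('!' > '&' > '|')."""
    for name, expansion in SYNONYMS.items():
        expr = expr.replace(name, expansion)
    tokens = re.findall(r"0x[0-9a-fA-F]+|[a-z]+|[()&|!]", expr)
    if "".join(tokens) != "".join(expr.split()):
        raise ValueError(f"unrecognised characters in {expr!r}")
    pos = 0
    def take():  # consume one token, None at end of input
        nonlocal pos
        pos += 1
        return tokens[pos - 1] if pos <= len(tokens) else None
    def atom():
        tok = take()
        if tok == "!":
            return not atom()
        if tok == "(":
            value = chain("|")
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok in FLAG_BITS:
            return bool(flags & FLAG_BITS[tok])
        if tok and tok.startswith("0x"):  # numeric form: all mask bits set (assumed)
            return (flags & int(tok, 16)) == int(tok, 16)
        raise ValueError(f"unexpected token {tok!r}")
    def chain(op):  # '|' joins '&' chains; '&' joins atoms
        operand = atom if op == "&" else (lambda: chain("&"))
        value = operand()
        while pos < len(tokens) and tokens[pos] == op:
            take()
            value = (operand() and value) if op == "&" else (operand() or value)
        return value
    result = chain("|")
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return result

def term_matches(pkt, expr, next_header=None):
    """next_header=None models a term with no protocol check (not implicit)."""
    if next_header is not None and pkt["next_header"] != next_header:
        return False
    return flags_match(expr, pkt["flag_bits"])
```

In this model a constructed UDP packet whose bits at the flags position happen to include 0x10 matches a term that uses tcp-established alone, and stops matching once the term also requires next-header tcp.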

Copyright © 2010, Juniper Networks, Inc.
