Policy Framework Configuration Guide - Juniper Networks

Junos 10.4 Policy Framework Configuration Guide
• Simple filters are not supported for interfaces in an aggregated-Ethernet bundle.
• Explicitly configurable terminating actions, such as accept, reject, or discard, are not
supported. Simple filters always accept packets.
• Simple filters support only the following action modifiers: forwarding-class, loss-priority,
and policer.
To configure simple filters, include the simple-filter statement at the [edit firewall family
inet] hierarchy level:
[edit firewall family inet]
simple-filter filter-name {
term term-name {
from {
match-conditions;
}
then {
action-modifiers;
}
}
}
Example: Configuring a Simple Filter
For more information about Ethernet IQ2 PICs and EQ DPCs and related features, see
the Junos OS Services Interfaces Configuration Guide and the Junos OS Class of Service
Configuration Guide. For additional information about configuring the MX Series routers,
on which EQ DPCs are supported, see the Junos Layer 2 Configuration Guide.
Configure a simple filter to support Ethernet IQ2 PICs:
[edit]
firewall {
family inet {
simple-filter sf-1 {
term 1 {
from {
source-address 172.16.0.0/16;
destination-address 20.16.0.0/16;
source-port 1024-9071;
}
then {
forwarding-class fc-be1;
loss-priority high;
accept;
}
}
term 2 {
from {
source-address 173.16.0.0/16;
destination-address 21.16.0.0/16;
}
then {
forwarding-class fc-ef1;
loss-priority low;
254
Copyright © 2010, Juniper Networks, Inc.