Configuring Firewall Filters

To configure firewall filters, include the following statements:

[edit]
firewall {
  policer policer-name {
    if-exceeding {
      bandwidth-limit rate;
      burst-size-limit bytes;
    }
    then {
      policer-action;
    }
  }
  filter filter-name {
    accounting-profile name;
    interface-specific;
    policer policer-name {
      if-exceeding {
        bandwidth-limit rate;
        burst-size-limit bytes;
      }
      then {
        policer-action;
      }
    }
    term term-name {
      from {
        match-conditions;
      }
      then {
        actions;
        action-modifiers;
      }
    }
  }
}
interfaces {
  interface-name {
    unit logical-unit-number {
      family inet {
        filter {
          input filter-name;
          output filter-name;
        }
      }
    }
  }
}

Policing does not use the filter match conditions. Instead, it uses the if-exceeding statement. For more information, see the JUNOS ...

Get Juniper Networks® Field Guide and Reference now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.