[j-nsp] Filters

Alexander Arsenyev (GU/ETL) alexander.arsenyev at ericsson.com
Thu Jul 14 11:59:17 EDT 2005 

Hello Andy,

The protection filters are configured under [edit firewall] and applied under [edit interfaces <interface-name> unit <unit-number> family <family name> ] 
http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-policy/html/firewall-config29.html#1027001
The rewrite-rules are configured under {edit class-of-service] and applied under [edit class-of-service interfaces interface-name unit logical-unit-number] 
http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-interfaces/html/cos-config29.html#1015195
So there are 2 distinct places to define what You are going to do: one to specify firewall filters and second to specify rewrite rules. Likewise, there are 2 places to actually do things: one to do firewall filtering and another to do DSCP/IPPREC/EXP rewriting. 
Is that what You are looking for?
HTH,
Cheers
Alex


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of andy
Sent: 14 July 2005 12:55
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Filters


Hi,

Just a quick question. Is it possible to apply multiple filters to an interface?
We dont want to combine several filters into one filter and apply that to an interface.

For example, we have TOS rewrite filters and "protection filters" that block traffic.
We would like to be able to apply the rewrite filters and the protection filters to the same interface without combining the filters and making one 
large filter.

Is this possible? If so, does anyone have an example of an interface running multiple filters?

Thanks

-- 
andy    andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down 
to their level, then beat you with experience.
http://shady.org/~tlabs/
----------------------------------------------- 
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list