[j-nsp] Wrong order of terms in a firewall filter after commit?

Wed Aug 13 10:33:34 EDT 2003

Am I able to deduce the order of the terms in a certain firewall
filter when I look at the order the counters are displayed in the
output of the "show firewall filter"? At the moment, I believe I am
able to do so. 

What I mean is this. 

If I issue the comman show firewall filter xyz and I see something
like this:

Filter: xyz
Counters:
Name                            Bytes              Packets
counter3
counter1
counter2

and if I have configured the filter xyz in a following way

term1 {
   from { ...
   }
   then {
      count counter1;
   }
}
term2 {
   from { ...
   }
   then {
      count counter2;
   }
}
term3 {
   from { ...
   }
   then {
      count counter3;
   }
}

do I conclude correctly that the firewall terms are processed in the
following order: term3, term1 and term2?

If I insert the following "dummy" term between terms term2 and term3

term dummy {
   then next term;
}

the output of the show firewall filter xyz command changes to:

Filter: xyz
Counters:
Name                            Bytes              Packets
counter1
counter2
counter3

If I now conclude that the processing order of the terms is term1,
term2 and term3, am I right?

The router in question is running JUNOS 5.7, the July 11th service
release.

-- 
- Matti -