[j-nsp] filter access

Scott A. McIntyre scott at xs4all.net
Fri Apr 1 03:02:50 EST 2005



Hi,


> hi to everybody,
> i have a filter as follows; is it possible to view which port has
> matched, and how many times it has matched
>
> firewall {
>     family inet {
>         filter FILTER1 {
>             term T1 {
>                 from {
>                     protocol [ tcp udp ];
>                     destination-port [ 20 21 22 110 143 135 136 137
> 138 139 445 8080 8889 12345 23 1433 1434 ];
>                 }
>                 then {
>                     log;
>                     reject;
>                 }
>             }
>


You may want to consider a "then syslog" directive followed by configuring 
your syslog clause to send firewall statements to whatever log sink you've 
got running.  That will then show you precisely what you want (well, the 
number of times is a "simple matter of perl"):

Apr  1 10:00:00 router.com PFE_FW_SYSLOG_IP: FW: ae0.666      D  tcp 80.127.666.666 10.1.0.11 37084   135 (1 packets)

And so on.

I've got something like this in my system syslog definition:

host ip.of.server {
    any notice;
    authorization info;
    daemon info;
    firewall info;
}

Regards,

Scott A. McIntyre
XS4ALL Internet B.V.
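The "simple matter of perl" for the counting step, written out as an added example (in Python, not code from the post or from Junos): it parses PFE_FW_SYSLOG_IP lines of the shape quoted above and aggregates, per protocol and destination port, how many log entries were emitted, how many packets those entries represent (the "(N packets)" suffix, since the PFE aggregates), and how many distinct sources hit the port. The log lines below are constructed with documentation addresses; the reading of the action letter as A = accept, D = discard, R = reject is my assumption, not something the post states.

```python
import re
from collections import defaultdict

# Constructed sample syslog, in the shape of the line quoted in the post.
# Addresses are from the 203.0.113.0/24 documentation range; one unrelated
# sshd line is included to show that non-firewall lines are skipped.
SAMPLE_SYSLOG = """\
Apr  1 10:00:00 router.com PFE_FW_SYSLOG_IP: FW: ae0.666      D  tcp 203.0.113.10 10.1.0.11 37084   135 (1 packets)
Apr  1 10:00:01 router.com PFE_FW_SYSLOG_IP: FW: ae0.666      D  tcp 203.0.113.10 10.1.0.11 37085   135 (3 packets)
Apr  1 10:00:02 router.com PFE_FW_SYSLOG_IP: FW: ae0.666      D  tcp 203.0.113.11 10.1.0.11 40001   445 (1 packets)
Apr  1 10:00:03 router.com PFE_FW_SYSLOG_IP: FW: ae0.666      D  udp 203.0.113.11 10.1.0.11 40002   137 (2 packets)
Apr  1 10:00:04 router.com sshd[123]: Accepted publickey for admin from 10.1.0.12
Apr  1 10:00:05 router.com PFE_FW_SYSLOG_IP: FW: ae0.666      A  tcp 10.1.0.12 10.1.0.11 51000    22 (1 packets)
"""

# Fields after "FW:": logical interface, action letter, protocol, source,
# destination, source port, destination port, packet count in parentheses.
FW_LINE = re.compile(
    r"PFE_FW_SYSLOG_IP: FW: (?P<ifl>\S+)\s+(?P<action>[A-Z])\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<sport>\d+)\s+(?P<dport>\d+)\s+"
    r"\((?P<pkts>\d+) packets?\)"
)

# Assumed meaning of the action letter (not stated in the post).
ACTION_NAMES = {"A": "accept", "D": "discard", "R": "reject"}


def parse_fw_syslog(text):
    """Return one dict per PFE_FW_SYSLOG_IP line; other syslog lines are ignored."""
    records = []
    for line in text.splitlines():
        m = FW_LINE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        for key in ("sport", "dport", "pkts"):
            rec[key] = int(rec[key])
        rec["action_name"] = ACTION_NAMES.get(rec["action"], "unknown")
        records.append(rec)
    return records


def matches_per_port(records, actions=("D", "R")):
    """Aggregate records by (proto, dport), keeping only the given action letters.

    Each value carries the number of log entries, the packets they represent
    (sum of the "(N packets)" field) and the set of distinct source addresses.
    """
    summary = defaultdict(lambda: {"entries": 0, "packets": 0, "sources": set()})
    for rec in records:
        if rec["action"] not in actions:
            continue
        bucket = summary[(rec["proto"], rec["dport"])]
        bucket["entries"] += 1
        bucket["packets"] += rec["pkts"]
        bucket["sources"].add(rec["src"])
    return dict(summary)


def report(summary):
    """Render the aggregate as text, busiest destination port first."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["packets"], kv[0]))
    return "\n".join(
        f"{proto:4} dport {dport:5}  entries={v['entries']:3}  "
        f"packets={v['packets']:4}  distinct_sources={len(v['sources'])}"
        for (proto, dport), v in rows
    )


if __name__ == "__main__":
    print(report(matches_per_port(parse_fw_syslog(SAMPLE_SYSLOG))))
```

Feed it the firewall facility lines from the log sink the "then syslog" action writes to (the router's own buffer for "then log" is only visible with "show firewall log" and is small and volatile). A "then count" action in the same term would give a per-term counter under "show firewall filter FILTER1", but with a single term matching sixteen ports it cannot tell you which port was hit; the syslog lines can.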
