[j-nsp] policer deprecated warning in [edit firewall filter <filter>] hierarchy under 7.1R1.3

Wayne E. Bouchard web at typo.org
Fri Feb 18 17:22:10 EST 2005


On Wed, Feb 16, 2005 at 11:26:42PM -0700, Michael Loftis wrote:
> today after updating an M7i to 7.1R1.3 I noticed that the 'policer' 
> statement is deprecated...  I'm unclear as to what is better, and there's 
> nothing anywhere in any juniper docs that I can find that mentions the 
> policer statement even being deprecated nor what they intend to be used 
> instead....anyone?
> 
> IE...(config snippet)
> 
> firewall {
>     filter outbound-filter {
>         policer mailapp0-smtp-out { ## Warning: 'policer' is deprecated
>             if-exceeding {
>                 bandwidth-limit 2m;
>                 burst-size-limit 250k;
>             }
>             then discard;
>         }
>     }
> }


Current mechanism is that a policer is an independent element.

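firewall {
  /* policer defined once, directly under [edit firewall] */
  policer mailapp0-smtp-out {
    if-exceeding {
      bandwidth-limit 2m;
      burst-size-limit 250k;
    }
    then discard;
  }
  filter limit-smtp {
    term smtp {
      /* match conditions go in a "from" block */
      from {
        protocol tcp;
        port smtp;
      }
      then policer mailapp0-smtp-out;
    }
    term default {
      /* the terminating action is "accept" */
      then accept;
    }
  }
}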

And then apply the filter to your interface.


My syntax may not be quite correct but you can see that this
simplified the filter config considerably and allows for reuse of the
policer in other ACLs without having to copy the whole config.


---
Wayne Bouchard
web at typo.org
Network Dude
http://www.typo.org/~web/
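
As an added example (not part of the original thread), the following Python sketch audits a configuration for the two things this change affects: policers still declared inside a filter, and `then policer` references that have no independent policer under `firewall`. The function name `audit_policers`, the sample configuration and the policer names `legacy-limit` and `missing-policer` are constructed for illustration; it assumes the text starts at `firewall {` and has no `family` level.

```python
# Constructed sample: one independent policer, one deprecated in-filter policer.
SAMPLE = """
firewall {
    policer mailapp0-smtp-out {
        if-exceeding {
            bandwidth-limit 2m;
            burst-size-limit 250k;
        }
        then discard;
    }
    filter outbound-filter {
        policer legacy-limit { ## Warning: 'policer' is deprecated
            if-exceeding {
                bandwidth-limit 1m;
                burst-size-limit 100k;
            }
            then discard;
        }
        term smtp {
            then policer mailapp0-smtp-out;
        }
        term web {
            then policer missing-policer;
        }
    }
}
"""

def audit_policers(config):
    """Return (policers declared inside a filter, references with no independent policer)."""
    stack, top_level, nested, refs = [], set(), [], set()
    for raw in config.splitlines():
        line = raw.split("##")[0].strip()  # drop "## Warning" annotations
        if line.endswith("{"):
            words = line[:-1].split()
            if len(words) == 2 and words[0] == "policer":
                if stack == [["firewall"]]:
                    top_level.add(words[1])  # independent policer
                elif len(stack) == 2 and stack[1][:1] == ["filter"]:
                    nested.append((stack[1][-1], words[1]))  # deprecated form
            stack.append(words)
        elif line == "}":
            if stack:
                stack.pop()
        else:
            words = line.rstrip(";").split()
            if words[-2:-1] == ["policer"]:  # "then policer X;" or "policer X;"
                refs.add(words[-1])
    return nested, sorted(refs - top_level)
```

For the sample above, the call returns the nested `legacy-limit` policer with its filter name, plus `missing-policer` as an unresolved reference.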

