[j-nsp] firewall filter terminating action
Chen Jiang
ilovebgp4 at gmail.com
Tue Nov 22 04:35:24 EST 2016
Hi! Experts
Sorry for disturbing, I have a question but couldn't find the answer, could
you pls shed some light on this?
From the documents we know that Juniper firewall filter has 3 termination
actions: accept, discard, and reject.
But when we configured mirror and sample actions, if we didn't include a
"next-term", then the packets will not go through next term and just be
forwarded, it seems there is an implicit "accept" after sample and mirror
action. Is this expected behaviour?
Below is our test example, the packets will not hit the policer in term
"test-download" if we don't include a "next-term" in term "port-mirror".
lab@r1# show firewall family inet
filter csnet-filter-in {
    term port-mirror {
        then {
            sample;
            port-mirror-instance port-mirror-base-instance;
        }
    }
    term test-download {
        from {
            destination-address {
                119.254.116.88/30;
            }
        }
        then {
            policer 1m;
            accept;
        }
    }
    term 3 {
        then {
            discard;
        }
    }
}
--
BR!
James Chen
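
The following is an added example, not part of the original post and not Juniper code. It models the documented Junos evaluation rule that a matching term with only nonterminating actions and no "next term" action ends with a default accept, and runs the filter above both ways. The evaluate() and csnet_filter() helpers and the test destination 119.254.116.89 are constructed for illustration, and the policer's rate limiting is not modelled.

```python
import ipaddress

TERMINATING = {"accept", "discard", "reject"}

def evaluate(terms, dst):
    """Return (final_action, nonterminating_actions_applied) for one packet."""
    applied = []
    for term in terms:
        prefix = term.get("dst")  # a term with no 'from' clause matches every packet
        if prefix and ipaddress.ip_address(dst) not in ipaddress.ip_network(prefix):
            continue
        actions = term["then"]
        applied += [a for a in actions if a not in TERMINATING and a != "next term"]
        final = next((a for a in actions if a in TERMINATING), None)
        if final:
            return final, applied
        if "next term" in actions:
            continue  # explicit flow control: keep evaluating later terms
        return "accept", applied  # default accept after nonterminating-only term
    return "discard", applied  # implicit discard at the end of every filter

def csnet_filter(with_next_term):
    """The filter from the post, optionally with 'next term' in port-mirror."""
    mirror = ["sample", "port-mirror-instance port-mirror-base-instance"]
    if with_next_term:
        mirror.append("next term")
    return [
        {"name": "port-mirror", "then": mirror},
        {"name": "test-download", "dst": "119.254.116.88/30",
         "then": ["policer 1m", "accept"]},
        {"name": "3", "then": ["discard"]},
    ]

if __name__ == "__main__":
    for flag in (False, True):
        for dst in ("119.254.116.89", "10.0.0.1"):  # constructed destinations
            print(f"next term={flag} dst={dst} ->", evaluate(csnet_filter(flag), dst))
```

Without "next term", the model accepts every packet at term port-mirror, so neither the policer in test-download nor the discard in term 3 is ever evaluated.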