site_logo

Previous Next


  1. JNCIA exam sim
  2. Juniper JNCIA Netsim
  3. JNCIA ExamSim with Netsim

Routing Policies and Firewall Filters

10. JUNOS, Filter match criteria and actions with examples

In Junos, firewall filters use match criteria and actions to control network traffic. The following are some examples of match criteria and actions that can be used in Junos firewall filters:

Match Criteria:

  • 1. Protocol: Matches traffic based on the protocol type (e.g. TCP, UDP, ICMP). Example: protocol tcp;

  • 2. Source Address: Matches traffic based on the source IP address or network. Example: source-address 10.0.0.0/24;

  • 3. Destination Address: Matches traffic based on the destination IP address or network. Example: destination-address 192.168.0.0/16;

  • 4. Source Port: Matches traffic based on the source port number. Example: source-port 22;

  • 5. Destination Port: Matches traffic based on the destination port number. Example: destination-port 80;

Actions:

  • 1. Accept: Allows the traffic to pass through the network. Example: then { accept; }

  • 2. Reject: Blocks the traffic and sends a notification to the source indicating the traffic was blocked. Example: then { reject; }

  • 3. Count: Counts the number of packets that match the criteria. Example: then { count example-counter; }

  • 4. Log: Generates a log message for traffic that matches the criteria. Example: then { log; }

  • 5. Discard: Discards the traffic and does not send a notification to the source. Example: then { discard; }

The match criteria and actions can be combined in various ways to create complex processing rules for network traffic. For example, you can use multiple match criteria in a single term to match more specific traffic, and you can use multiple actions in a single term to perform multiple actions on matching traffic. By combining match criteria and actions, you can create flexible firewall filters that control network traffic and enhance network security.

Example Configuration:

Sure, here's an example of a Junos firewall filter that matches HTTP traffic and allows it while logging it:

filter http-filter {
    term allow-http {
        from {
            protocol tcp;
            destination-port 80;
        }
        then {
            accept;
            log;
        }
    }
    term deny-all {
        then {
            reject;
        }
    }
}

This filter contains two terms: "allow-http" and "deny-all". The first term matches TCP traffic to destination port 80, which is the standard port for HTTP traffic. If the traffic matches this criteria, the traffic is both accepted and logged. The second term is a catch-all that denies all remaining traffic. In this example, all HTTP traffic is allowed and logged, while all other traffic is denied.

Previous Next




simulationexams.com ad

certexams.com ad