Hi guys,

To revive this thread: does anyone know how to check what type of packets are being matched when using a family any input filter on lo0?
You can't seem to use log as action and the from clause only allows some protocol independent matches;

daniel@lab# set firewall family any filter test term test from ?
Possible completions:
+ apply-groups              Groups from which to inherit configuration data
+ apply-groups-except       Don't inherit configuration data from these groups
+ forwarding-class          Match forwarding class
+ forwarding-class-except   Do not match forwarding class
> interface                 Match interface name
> interface-set             Match interface in set
+ packet-length             Match packet length
+ packet-length-except      Do not match packet length
[edit]
daniel@lab# set firewall family any filter test term test then ?
Possible completions:
  accept                    Accept the packet
+ apply-groups              Groups from which to inherit configuration data
+ apply-groups-except       Don't inherit configuration data from these groups
  count                     Count the packet in the named counter
  discard                   Discard the packet
  forwarding-class          Classify packet to forwarding class
  loss-priority             Classify packet to loss-priority
  next                      Continue to next term in a filter
  policer                   Name of policer to use to rate-limit traffic
> three-color-policer       Police the packet using a three-color-policer
[edit]

The docs say "layer 2 control packets", but which ones? Are all "non-IP" packets matched against this family any filter?

<http://www.juniper.net/techpubs/en_US/junos10.4/topics/example/policy-layer-2-incoming-packet-rate-limit-setting.html>

There's even an example in RFC6192 :-)

<http://www.faqs.org/rfcs/rfc6192.html>

Anyone using this? Pros/cons?

Thanks,
Daniel.

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

