Thanks!!
Let me tidy up my configurations and add one more conditions,
An policer to police all traffic EXCEPT any one of the following,
1. source address (111.111.111.111/32) to any destinations
2. any source address to destinations (222.222.222.222/32)
3. icmp
4. tcp source and destination port 4444
5. udp source and destination port 3333
6. tcp and udp source and destination port 2222
Then my configuration should be as below, right?
term T10 {
from {
source-prefix-list {
PREFIX-LIST-SRC_1 except;
PREFIX-LIST-ALL_IP;
}
destination-prefix-list {
PREFIX-LIST-DST_1 except;
PREFIX-LIST-ALL_IP;
}
protocol-except [ icmp udp tcp ];
}
then {
policer WAN-POLICER_1;
next term;
}
}
term T20_UDP {
from {
source-prefix-list {
PREFIX-LIST-SRC_1 except;
PREFIX-LIST-ALL_IP;
}
destination-prefix-list {
PREFIX-LIST-DST_1 except;
PREFIX-LIST-ALL_IP;
}
protocol udp;
source-port-except [ 3333 2222 ];
destination-port-except [ 3333 2222 ];
}
then {
policer WAN-POLICER_1;
next term;
}
}
term T30_TCP {
from {
source-prefix-list {
PREFIX-LIST-SRC_1 except;
PREFIX-LIST-ALL_IP;
}
destination-prefix-list {
PREFIX-LIST-DST_1 except;
PREFIX-LIST-ALL_IP;
}
protocol tcp;
source-port-except [ 4444 2222 ];
destination-port-except [ 4444 2222 ];
}
then {
policer WAN-POLICER_1;
next term;
}
}
prefix-list PREFIX-LIST-ALL_IP {
0.0.0.0/0;
}
prefix-list PREFIX-LIST-DST_1 {
222.222.222.222/32;
}
prefix-list PREFIX-LIST-SRC_1 {
111.111.111.111/32;
}