Hi,
So if I have a source-address and destination-address both defined, do both have to be true for the THEN clause to be executed?
ANS - If you have a source and destination defined, they will use the AND logic and both have to be true for the "then" action to be executed.
Second: how does the above change when instead of source-address/destination-address you use prefix-list - NOT source-prefix-list or destination-prefix-list?
- What exactly do you mean by a prefix list here?
Last - for now as I reserve the right to ask further questions: Is there a way other than inserting syslog or counts to tell that a term was actually "hit" and acted upon?
- This can be checked in the security flow traceoptions. It will be easier to put a counter in the filter though.
I'll reserve the question of putting filter-lists on an interface until later unless that would be better explained here as well.
-The device evaluates a packet against the filters in a list sequentially, beginning with the first filter in the list until either a terminating action occurs or the packet is implicitly discarded.
More details on filter lists at: https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-option-multiple-listed-overview.html
Regards,
Sahil Sharma
Please mark my response as Solution if it Helps, Kudos are Appreciated as well
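
The match logic discussed in the reply above, as an added example that is not part of the original post and is not Junos code: a small Python model of the AND between source-address and destination-address, a per-term hit counter, and sequential evaluation of a filter list. Filter names, term names and addresses are constructed, and the model assumes the implicit discard applies once no term in any listed filter has matched.

```python
# Simplified model of the evaluation described in the thread (not Junos code).
# All filter names, term names and addresses below are constructed samples.
from ipaddress import ip_address, ip_network

class Term:
    def __init__(self, name, action, source=(), destination=()):
        self.name, self.action = name, action
        self.source = [ip_network(p) for p in source]
        self.destination = [ip_network(p) for p in destination]
        self.hits = 0  # plays the role of a "count" action on the term

    def matches(self, src, dst):
        # A condition that is not configured matches everything. Configured
        # conditions are ANDed: source AND destination must both match.
        src_ok = not self.source or any(ip_address(src) in n for n in self.source)
        dst_ok = not self.destination or any(ip_address(dst) in n for n in self.destination)
        return src_ok and dst_ok

def evaluate(filter_list, src, dst):
    """Walk the filters in list order; the first matching term terminates."""
    for filter_name, terms in filter_list:
        for term in terms:
            if term.matches(src, dst):
                term.hits += 1
                return term.action, f"{filter_name}:{term.name}"
    # Assumption of this model: nothing matched in any listed filter.
    return "discard", "implicit"

def demo():
    web = Term("web", "accept", source=["192.0.2.0/24"],
               destination=["198.51.100.10/32"])
    mgmt = Term("mgmt", "accept", source=["203.0.113.0/28"])
    filter_list = [("FILTER-A", [web]), ("FILTER-B", [mgmt])]
    results = [
        evaluate(filter_list, "192.0.2.7", "198.51.100.10"),    # both conditions match
        evaluate(filter_list, "192.0.2.7", "198.51.100.99"),    # destination differs
        evaluate(filter_list, "203.0.113.5", "198.51.100.99"),  # matched by second filter
    ]
    return results, {"web": web.hits, "mgmt": mgmt.hits}

if __name__ == "__main__":
    results, hits = demo()
    for row in results:
        print(row)
    print(hits)
```

The second sample packet shows why a term with both conditions stays silent when only the source matches: its counter does not move and the packet falls through to the end of the list.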