Junos

Confirm packets are matching my firewall rule.

‎01-04-2016 06:13 AM

Hello guys, I still cannot get the same function as in a Cisco ACL or the iptables -nvL option.

I want to know if my filter is matching packets and how many.

This is my filter:

description "BTB outgoing";
unit 0 {
    family inet {
        filter {
            input btb-protection;
        }
        address 172.24.0.41/30;
    }
}


filter btb-protection {
    term block-telnet {
        from {
            source-address {
                0.0.0.0/0;
                22.22.22.10/32 except;
            }
            destination-address {
                11.11.11.0/24;
            }
            destination-port [ telnet http 8080 ];
        }
        then {
            discard;
        }
    }
    term allow-all {
        then accept;
    }
}

Thanks a lot.

Leandro.

Re: Confirm packets are matching my firewall rule.

‎01-04-2016 02:46 PM

hey,

you just add "count <name>" to the "then" statement and you get nice counters (bytes/packets); see this link for example:

http://www.juniper.net/documentation/en_US/junos14.2/topics/example/firewall-filter-stateless-exampl...

greetings,

freemind

Re: Confirm packets are matching my firewall rule.

‎01-04-2016 06:17 PM

To your then statement add a counter with a name.

then count mycounter

To see the count use

show firewall counter mycounter

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
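
Added example, not part of either reply: the filter from the question with a named counter on each term, so both discarded and accepted traffic can be compared. The counter names btb-blocked and btb-allowed are hypothetical, and the match conditions are left exactly as posted.

```junos
filter btb-protection {
    term block-telnet {
        from {
            source-address {
                0.0.0.0/0;
                22.22.22.10/32 except;
            }
            destination-address {
                11.11.11.0/24;
            }
            destination-port [ telnet http 8080 ];
        }
        then {
            /* hypothetical counter name: packets and bytes that hit the discard term */
            count btb-blocked;
            discard;
        }
    }
    term allow-all {
        then {
            /* hypothetical counter name: everything that fell through to accept */
            count btb-allowed;
            accept;
        }
    }
}

/* Operational-mode checks after commit:                                        */
/*   show firewall filter btb-protection                      (all counters)    */
/*   show firewall counter btb-blocked filter btb-protection  (one counter)     */
/*   clear firewall filter btb-protection                     (zero before a test) */
```

If the same filter is applied to more than one interface, its counters are shared across them unless the filter is configured with the interface-specific statement.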