firewall filter family vs no family

07.02.12   |  
‎07-02-2012 08:54 PM

On a SRX is there any difference between:


set firewall filter blah




set firewall family inet filter blah


I think they are the same, since the help menu show this:


ninefoldadmin@sydiprefwl01# set firewall ?         
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> family               Protocol family
> filter               Define an IPv4 firewall filter




set firewall family ?
Possible completions:
> any                  Protocol-independent filter
> ccc                  Protocol family CCC for firewall filter
> inet                 Protocol family IPv4 for firewall filter


the options in each seem to be the same.... thoughts?



Re: firewall filter family vs no family

07.04.12   |  
‎07-04-2012 12:26 AM
Hi In old junos versions it was just firewall filter after that it is added family to apply filter in more families like MPLS that's why they added family inet as well. Regarding your question yes you are correct both will give you same result Regards, Mohamed
Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059),JNCIP-ENT

[Click the "Star" for Kudos if you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]

Re: firewall filter family vs no family

07.05.12   |  
‎07-05-2012 12:09 AM

I think if it's using family there is many option to filter IPv4, v6 etc


Re: firewall filter family vs no family

07.05.12   |  
‎07-05-2012 04:10 AM


Hi there,


 JUNOS defaults to family inet in firewall filters, so[edit firewall filter blah] and [edit firewall family inet filter blah] will return the same results as you've noticed.



If you think your question's answered, please
mark the respective post as "Accepted Solution".

Kudos are an excellent way of showing appreciation, too.