SRX

  • 1.  Understanding Firewall filtering

    Posted 11-21-2014 04:03

    hi!

     

    How are conditions in firewall/filter/term treated?

     

    example:

     

    family inet {
        filter FILTER {
            term ABC {
                from {
                    destination-address {
                        10.0.0.1/32;
                        10.0.0.2/32;
                    }
                    port [ 445 20 ];
                }
                then {
                    forwarding-class A;
                    accept;
                }
            }
        }
    }

     

    As a logical sum of destination addresses and ports, or a conjunction of both collections?

     

    best regards

    Robert


  • 2.  RE: Understanding Firewall filtering

    Posted 11-21-2014 04:19

    Multiple entries of the same type are "OR"ed together, in your example either 10.0.0.1 or 10.0.0.2 will match, and then dissimilar terms are "AND"ed together, meaning it has to be either 10.0.0.1 OR 10.0.0.2 AND port 20 OR port 445.  Meaning port 445 from 1.1.1.1 would not match, nor would port 50 from 10.0.0.1.

     

    Make sense?



  • 3.  RE: Understanding Firewall filtering

    Posted 11-21-2014 04:33

    Thanks for the fast response.

    That was only an example.

    Tell me please, how to construct a filter if I want to match ports of all addresses, a few destination addresses and other parameters together in one filter?



  • 4.  RE: Understanding Firewall filtering

    Posted 11-21-2014 14:39

    You would just put all the parameters you want in the single term, and it would only match when all of the criteria are met.  The only exception is where you have multiple entries of the same type, then it would match when any one of them is a match.

     

    firewall {
        family inet {
            filter test {
                term 1 {
                    from {
                        source-address {
                            0.0.0.0/0;
                        }
                        destination-address {
                            1.1.1.1/32;
                            2.2.2.2/32;
                        }
                        destination-port [ 22 80 443 ];
                    }
                    then accept;
                }
            }
        }
    }



  • 5.  RE: Understanding Firewall filtering

    Posted 11-21-2014 18:37

    Exactly. My question is what if I would like to match, for example:

    2 source ports for all source IPs and all source ports for 2 selected source IPs?

    I will be grateful if you show me the filter configuration.

     



  • 6.  RE: Understanding Firewall filtering
    Best Answer

    Posted 11-22-2014 08:01

    You would just create a second term to match.

     

    term 1 {
        from {
            source-address {
                1.1.1.1/32;
                2.2.2.2/32;
            }
        }
        then accept;
    }
    term 2 {
        from {
            destination-port [ 80 443 ];
        }
        then accept;
    }
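The match semantics described in replies 2 and 6 (values of one match type ORed, different match types ANDed, terms tried in order, first match wins, implicit discard at the end of the filter), modelled as a small Python evaluator. This is an added illustration, not Juniper code; the dictionary layout of a term and the packet fields are assumptions made for the example. It checks term ABC from the first post and the two-term filter from the accepted answer.

```python
import ipaddress

def _in_prefixes(addr, prefixes):
    """True if addr falls inside any of the listed prefixes (ORed, as in Junos)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def term_matches(term, pkt):
    """A term matches only when every match condition under 'from' is satisfied (ANDed)."""
    checks = {
        "source-address": lambda v: _in_prefixes(pkt["src"], v),
        "destination-address": lambda v: _in_prefixes(pkt["dst"], v),
        "source-port": lambda v: pkt["sport"] in v,
        "destination-port": lambda v: pkt["dport"] in v,
        # 'port' in Junos matches either the source or the destination port
        "port": lambda v: pkt["sport"] in v or pkt["dport"] in v,
    }
    return all(checks[k](v) for k, v in term.get("from", {}).items())

def evaluate(filter_terms, pkt):
    """Terms are tried in order; the first match decides, otherwise implicit discard."""
    for name, term in filter_terms:
        if term_matches(term, pkt):
            return name, term["then"]
    return None, "discard"

def pkt(src, dst, sport, dport):
    # constructed packet summary: only the fields the filters look at
    return {"src": src, "dst": dst, "sport": sport, "dport": dport}

# term ABC from the first post (dst 10.0.0.1 OR 10.0.0.2) AND (port 445 OR 20)
FILTER_ABC = [("ABC", {"from": {"destination-address": ["10.0.0.1/32", "10.0.0.2/32"],
                                "port": [445, 20]},
                       "then": "accept"})]

# two-term filter from the accepted answer: selected sources in term 1, ports in term 2
FILTER_TWO_TERMS = [
    ("1", {"from": {"source-address": ["1.1.1.1/32", "2.2.2.2/32"]}, "then": "accept"}),
    ("2", {"from": {"destination-port": [80, 443]}, "then": "accept"}),
]

if __name__ == "__main__":
    print(evaluate(FILTER_ABC, pkt("1.1.1.1", "10.0.0.1", 40000, 445)))
    print(evaluate(FILTER_ABC, pkt("1.1.1.1", "10.0.0.1", 40000, 50)))
    print(evaluate(FILTER_TWO_TERMS, pkt("5.5.5.5", "9.9.9.9", 1234, 443)))
```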