Policy Framework Configuration Guide - Juniper Networks

Chapter 9: Firewall Filter Configuration
protocol ospf;
}
}
term address-match {
from {
source-address {
10.108.0.0/16;
}
}
}
}
}
}
Example: Counting Both Accepted and Rejected Packets
Reject all addresses except 192.168.5.0/24. In the first term, the statement 192.168.5.2/24
except causes this address to be considered a mismatch and this address is passed to
the next term in the filter. The address 0.0.0.0/0 in the first term matches all other
packets, and these are counted, logged, and rejected. In the second term, all packets
that passed though the first term (that is, packets whose address matches 192.168.5.2/24)
are counted, logged, and accepted.
[edit]
firewall {
family inet {
filter fire1 {
term 1 {
from {
address {
192.168.5.0/24 except;
0.0.0.0/0;
}
}
then {
count reject-pref1-1;
log;
reject;
}
}
term 2 {
then {
count reject-pref1-2;
log;
accept;
}
}
}
}
}
Copyright © 2010, Juniper Networks, Inc.
249