Saturday, August 25, 2007

Firewall Filters in Juniper JunOS

Introduction to Firewall Filters in JunOS


· Firewall Filters are the JunOS equivalent of Access Control Lists in Cisco IOS.
· Firewall Filters are stateless packet filters, just like Cisco ACLs: each packet is matched on its own, and no connection state is kept.

· A Firewall Filter term ends in one of these terminating actions:
o Accept: forward the packet.
o Discard: drop the packet silently, with no notification to the sender.
o Reject: drop the packet and send an ICMP unreachable back to the sender (with the tcp-reset option, a TCP RST is sent instead for TCP traffic).
o If no term matches, the filter ends with an implicit Discard, so a filter normally needs a final term that accepts everything else.

· All Firewall Filters are configured under the [edit firewall] hierarchy.
· Every Firewall Filter has a Name and is made up of one or more Terms, evaluated in order; the first matching term decides the packet's fate.
· Every Term has:
o From Clauses ( Matches, e.g. source address, protocol, destination port )
o Then Clauses ( Actions, e.g. count, log, accept, discard, reject )
o A term with no From clause matches every packet.
· Every Term has a Name (a number is also a valid name).
· The ANNOTATE command can be used to write comments against filter terms; they are shown as /* */ comments in the configuration.

In configuration mode, "show firewall" displays the configured filters; the prefix-lists that filters can reference are configured under policy-options and shown with "show policy-options".

· JunOS always compiles Firewall Filters when the configuration is committed.
· On the M-series and T-series platforms Firewall Filters are evaluated in hardware by the Internet Processor II ASIC, which gives line-rate packet filtering; on platforms without that ASIC the filter is evaluated in software.
· For APPLYING a firewall filter to an interface (note the hierarchy is "interfaces", plural):
o set interfaces fe-3/0/0 unit 0 family inet filter input block-bad-addresses
o set interfaces fe-3/0/1 unit 0 family inet filter output block-bad-addresses
o "input"/"output" apply a single filter; "input-list"/"output-list" apply several filters in sequence.
· Direction is from the perspective of the Router: if a packet enters through fe-3/0/0 and, after the routing lookup, leaves through fe-3/0/1, then the input filter on fe-3/0/0 and the output filter on fe-3/0/1 are both evaluated against it.
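The following is an added example, not configuration from the original post: a complete stateless filter that ties together the term structure, the discard and reject actions and the interface application described above. It is written in the hierarchical form that "show firewall" displays (the "set" commands on the page map one to one onto it). The filter name block-bad-addresses, the prefix-list name bogons, the counter names and the interface fe-3/0/0 are assumed for illustration.

```junos
# Added example, not from the original post. The names block-bad-addresses,
# bogons, bogon-hits, telnet-refused and fe-3/0/0 are assumed for illustration.
policy-options {
    prefix-list bogons {
        10.0.0.0/8;
        192.168.0.0/16;
    }
}
firewall {
    family inet {
        filter block-bad-addresses {
            /* Terms are tried in order; the first term that matches wins. */
            term drop-bogons {
                from {
                    source-prefix-list {
                        bogons;
                    }
                }
                then {
                    count bogon-hits;
                    discard;            # silent drop, nothing sent back
                }
            }
            term refuse-telnet {
                from {
                    protocol tcp;
                    destination-port telnet;
                }
                then {
                    count telnet-refused;
                    reject tcp-reset;   # drop and answer with a TCP RST
                }
            }
            term allow-rest {
                then accept;            # no from clause: matches everything left;
                                        # without it the implicit final action is discard
            }
        }
    }
}
interfaces {
    fe-3/0/0 {
        unit 0 {
            family inet {
                filter {
                    input block-bad-addresses;
                }
            }
        }
    }
}
```

After "commit", the per-term counters can be read in operational mode with "show firewall filter block-bad-addresses", which is the quickest way to confirm that a term is actually matching the traffic it was written for. The order of the terms matters: swapping allow-rest to the top would accept every packet and the other two terms would never be reached.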