firewall filters Flashcards
What's a firewall filter?
It's an ACL.
Stateless filter.
What's the default action in a firewall filter?
Discard.
What's the filtering gotcha?
It's not sm0rt.
If you match on the ACK field alone, it will derp. You should match on TCP first, then the TCP ACK field.
How does it handle fragmented traffic?
Badly. The first packet will have the L4 header; the rest won't, but it'll check anyway.
What are the 3 match condition categories?
Numeric range
Address
Bit-field
What are the action categories?
Same as route policies:
terminating actions
flow control
action modifiers
What are terminating actions?
They end the lookup.
accept = allows forwarding.
discard = quietly drop.
reject = ICMP destination unreachable – you can do a TCP reset or an alternative ICMP message type.
What are flow control actions?
next term - allows you to do something, like set a QoS marking or policer, but still continue through the filter.
There is no next filter. No chaining.
What are action modifiers?
Specify other things to do…
count, log, syslog
forwarding-class and loss-priority – for carrying out CoS marking
policer
- All of these trigger an implicit accept unless you specify next term.
Where are firewall filters created?
edit firewall
You create your firewall policy within the address family your traffic will be in…
edit firewall family inet
How do you filter traffic destined to the system?
Apply them to lo0.
If you do this for management purposes you also need to add policy for routing protocols(!)
How do you apply a filter to an interface?
Inside the family, specify filter.
e.g.:
interfaces ge-0/0/1
  unit 0
    family inet
      filter
        input X
        output Y
How do you verify firewall filters?
show firewall counter filter <filtername>
show firewall log