Hi,
filter pm_alp_classes_internet {
apply-groups [ cm_trusted_links cm_alp_class3_protocol ];
}
show configuration groups cm_trusted_links
firewall {
family bridge {
filter <*> {
term al_trust_class_default_dscp {
from {
interface ge-0/0/3.0;
}
then {
count al_trust_class_default_dscp;
loss-priority low;
forwarding-class class4;
accept;
}
}
}
}
}
show configuration groups cm_alp_class3_protocol
firewall {
family bridge {
filter <*> {
term al_alp_return_class3_protocol_seq_100 {
from {
ip-destination-address {
0.0.0.0/0;
}
ip-address {
0.0.0.0/0;
}
ip-protocol tcp;
source-port [ 647 1352 1494 2598 7911 ];
}
then {
count al_alp_return_class3_protocol_seq_100;
loss-priority low;
forwarding-class class3;
accept;
}
}
}
}
}
I have two firewall filters being called in a group and the group is applied to interface ge-0/0/3.
Scenario:
Source IP: 192.168.1.1
Destination IP: 192.168.1.10
Source port: TCP 647
A packet arrives on interface ge-0/0/3 and I get a hit on counter al_trust_class_default_dscp. There is no hit on the second firewall filter even though condition is a better match. Does it mean when processing stops when there is match.