Switching

Firewall filter in a switch running Junos OS 21.4R3-S2, Please could you confirm if the syntax /script is correct?

Thanks

Host1: 10.1.1.1 (switch)
Host2: 10.3.1.2 (server)

configure
set firewall family ethernet-switching filter FILTER1 term TERM1 from destination-address 10.3.1.2
set firewall family ethernet-switching filter FILTER1 term TERM1 from source-address 10.1.1.1
set firewall family ethernet-switching filter FILTER1 term TERM1 then count inbound-counter-SW1-SRV-R1
set firewall family ethernet-switching filter FILTER1 term TERM1 then accept

set firewall family ethernet-switching filter FILTER1 term TERM2 from destination-address 10.1.1.1
set firewall family ethernet-switching filter FILTER1 term TERM2 from source-address 10.3.1.2
set firewall family ethernet-switching filter FILTER1 term TERM2 then count outbound-counter-SRV-SW1-R1
set firewall family ethernet-switching filter FILTER1 term TERM2 then accept

set firewall family ethernet-switching filter FILTER1 term DEFAULT-accept then accept

set firewall family ethernet-switching filter FILTER2 term TERM1 from destination-address 10.3.1.2
set firewall family ethernet-switching filter FILTER2 term TERM1 from source-address 10.1.1.1
set firewall family ethernet-switching filter FILTER2 term TERM1 then count outbound-counter-SW1-SRV-SRV
set firewall family ethernet-switching filter FILTER2 term TERM1 then accept

set firewall family ethernet-switching filter FILTER2 term TERM2 from destination-address 10.1.1.1
set firewall family ethernet-switching filter FILTER2 term TERM2 from source-address 10.3.1.2
set firewall family ethernet-switching filter FILTER2 term TERM2 then count inbound-counter-SRV-SW1-SRV
set firewall family ethernet-switching filter FILTER2 term TERM2 then accept

set firewall family ethernet-switching filter FILTER2 term DEFAULT-accept then accept

set interfaces et-0/0/8 unit 0 family ethernet-switching filter input FILTER1
set interfaces et-0/0/8 unit 0 family ethernet-switching filter output FILTER1

set interfaces xe-1/0/18:0 unit 0 family ethernet-switching filter input FILTER2
set interfaces xe-1/0/18:0 unit 0 family ethernet-switching filter output FILTER2

The filter will work, no problem, it's just that ALL traffic will work ;) For firewall filters, there is an implicit allow in the end. If you don't deny anything, it will allow everything!

Are both your "DEFAULT-accept then accept" meant to be discard?

The syntax checks out on an EX4100 running 22.3R2-S2.