Junos OS

  • 1.  Filter without terminating action

    Posted 03-25-2022 09:32
    Hi All,

    I have the following very simple filter, where the terminating action is missing:
    set firewall family inet filter conn term tcp-established from protocol tcp
    set firewall family inet filter conn term tcp-established from tcp-established
    From the Firewall Filter Terminating Actions documentation, the behaviour of terminating and non-terminating actions is clear.
    Can I assume that in my case there is an implicit accept and filter evaluation terminates?
    Thanks

    ------------------------------
    FABIO
    ------------------------------


  • 2.  RE: Filter without terminating action

    Posted 03-28-2022 05:42
    Hello Fabio, 

    Terminating actions are needed for the firewall filter to take an action.

    You need to accept/reject/discard the packet.

    Thank you
    Ruban

    ------------------------------
    RUBAN PRASAT JOHNSON
    ------------------------------



  • 3.  RE: Filter without terminating action

     
    Posted 03-28-2022 05:42
    The default action is an implicit "accept", yes. However, best practice is to ensure there is always an explicit term to perform the default action, because you can't 100% rely on the defaults never changing, or defaults not being exactly as you expect, so I would strongly recommend *always* having a terminating action so you can explicitly specify what you *want* the filter to do. This will also make it a lot easier for others to troubleshoot your work later on in case of issues.
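
A check for the situation discussed in this thread, as an added example that is not part of any post: it scans `set`-format configuration for filter terms that carry no explicit accept, discard or reject and therefore fall back on the implicit behaviour. The function name, the constructed `edge` filter, and the restriction to `family` filters and those three actions are assumptions.

```python
import re
from collections import OrderedDict

# Actions treated as explicit: the three named in the thread. Junos has
# further terminating actions; extend this set as needed (assumption).
TERMINATING = {"accept", "discard", "reject"}

SET_RE = re.compile(
    r"^set firewall family (?P<family>\S+) filter (?P<filter>\S+) "
    r"term (?P<term>\S+) (?P<clause>from|then) (?P<rest>.+)$"
)

# First two lines are the filter from the question; the "edge" filter is
# constructed sample input for this example.
SAMPLE = """\
set firewall family inet filter conn term tcp-established from protocol tcp
set firewall family inet filter conn term tcp-established from tcp-established
set firewall family inet filter edge term ssh from protocol tcp
set firewall family inet filter edge term ssh from destination-port ssh
set firewall family inet filter edge term ssh then count ssh-hits
set firewall family inet filter edge term ssh then accept
set firewall family inet filter edge term icmp from protocol icmp
set firewall family inet filter edge term icmp then count icmp-hits
set firewall family inet filter edge term rest then discard
"""

def audit_filter_terms(config_text):
    """Return [(family, filter, term), ...] for terms that have no explicit
    accept/discard/reject, in the order the terms first appear."""
    terms = OrderedDict()  # (family, filter, term) -> explicit action seen?
    for line in config_text.splitlines():
        m = SET_RE.match(line.strip())
        if not m:
            continue  # not a filter term statement
        key = (m["family"], m["filter"], m["term"])
        terms.setdefault(key, False)
        # A non-terminating action alone (count, log, ...) does not count.
        if m["clause"] == "then" and m["rest"].split()[0] in TERMINATING:
            terms[key] = True
    return [key for key, explicit in terms.items() if not explicit]

if __name__ == "__main__":
    for family, flt, term in audit_filter_terms(SAMPLE):
        print(f"{family} filter {flt} term {term}: no explicit terminating action")
```
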