Firewall Filter Tasks
Question
-- Exhibit --
[edit firewall family inet filter input-filter]
user@router# show
term my-policy {
from {
source-address {
151.43.62.0/24;
}
}
then {
count;
}
}
term else {
then {
discard;
}
}
-- Exhibit --
Which two tasks are accomplished by the firewall filter shown in the exhibit? (Choose two.)
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.AC
The given firewall filter has two terms, namely "my-policy" and "else". The tasks accomplished by this firewall filter are as follows:
- Traffic matching the my-policy term will be counted:
The my-policy term is configured to match traffic from the source address 151.43.62.0/24. The "then" statement associated with this term has the action "count", which will count the number of packets matching the policy.
- Traffic not matching the my-policy term will be discarded:
The else term is used to discard traffic that does not match the my-policy term. The "then" statement associated with the else term has the action "discard", which will drop any packets that do not match the policy.
Therefore, the correct answers are:
A. Traffic matching the my-policy term will be counted and accepted. D. Traffic not matching the my-policy term will be accepted.
Option A is incorrect because the traffic matching the my-policy term will only be counted, not accepted. Option B is incorrect because the my-policy term does not discard the traffic. Option C is incorrect because the else term discards the traffic not matching the my-policy term, not the my-policy term.
