A firewall filter is a Junos security solution to filter or control traffic at the data plane as they enter or exit an interface 1 . A firewall filter consists of one or more terms, each with a set of conditions and actions 2 . The device evaluates every packet against the firewall filter terms in the order they are defined, and performs the actions specified in the first term that matches the packet 3 . If no term matches the packet, the device discards the packet by default 3 .
In the exhibit, the firewall filter mac-address is applied to the family ethernet-switching and involves filtering MAC addresses. There are two terms, term one and term two , each with different conditions and actions. The from statement specifies the match conditions, and the then statement specifies the actions. If the from statement is omitted, all packets are considered to match and the actions in the then statement are taken 2 . If the then statement is omitted, the packets that match the conditions in the from statement are accepted by default 2 .
Term one logs traffic from a specific source MAC address 88:05:00:29:3c:de/48 . The log action is a nonterminating action, which means that the device continues to evaluate the packet against the remaining terms in the filter 2 . Therefore, traffic that matches the from statement in term one is not discarded, and option A is incorrect.
Term two accepts all other traffic not specified in term one. The then accept action is a terminating action, which means that the device stops evaluating the packet against the filter and forwards the packet 2 . Therefore, all traffic not matching the from statement in term one is accepted by term two, and option D is correct.
Term two does not have a from statement, which means that all packets are considered to match this term. Therefore, traffic matching the from statement in term two is not logged, and option B is incorrect.
Term one does not have a then statement other than the log action, which means that the packets that match the from statement are accepted by default. Therefore, traffic that matches the from statement in term one is accepted, and option C is correct.
[References:, 2: term (Firewall Filter), 3: Firewall Filters Overview, 1: Juniper Firewall Filter Configuration Example, ]
