-
Notifications
You must be signed in to change notification settings - Fork 5
/
srx-policer.j2
58 lines (57 loc) · 1.31 KB
/
srx-policer.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
{%- set ifl = interface.name ~ "_" ~ interface.unit %}
{%- set i_fltr = ifl ~ "_INBOUND-FILTER" %}
{%- set o_fltr = ifl ~ "_OUTBOUND-FILTER" %}
{%- set policer = ifl ~ "_GLOBAL-POLICER" %}
interfaces {
{{ interface.name }} {
unit {{ interface.unit }} {
family inet {
filter {
input {{ i_fltr }};
output {{ o_fltr }};
}
}
}
}
}
firewall {
policer {{ policer }} {
if-exceeding {
bandwidth-limit {{ interface.police.limit }};
burst-size-limit {{ interface.police.burst }};
}
then discard;
}
filter {{ o_fltr }} {
term SOURCE-ANY {
from {
source-address {
0.0.0.0/0;
}
}
then {
policer {{ policer }};
accept;
}
}
term END-POLICY {
then accept;
}
}
filter {{ i_fltr }} {
term SOURCE-ANY {
from {
source-address {
0.0.0.0/0;
}
}
then {
policer {{ policer }};
accept;
}
}
term END-POLICY {
then accept;
}
}
}