Policer firewall and ingress rate-limiter

https://www.youtube.com/watch?v=FR6-SVqTspo&feature=emb_logo&ab_channel=JuniperNetworks

Create	a filter with a policer
	set firewall family inet filter hard-filter term from-10 from source-address 10.10.10.0/24 set firewall family inet filter hard-filter term from-10 then policer drop-excess-traffic set firewall family inet filter hard-filter term from-10 then accept set firewall family inet filter hard-filter term all-other-traffic then accept
	set firewall policer drop-excess-traffic if-exceeding bandwith-limit 2m set firewall policer drop-excess-traffic if-exceeding burst-size-limit 5k set firewall policer drop-excess-traffic then discard
Apply	to Interface
	set interface ge-0/0/0 unit 0 family inet filter input hard-filter
Apply	to firewall filter

https://www.juniper.net/documentation/us/en/software/junos/cos/topics/example/policer-single-rate-two-color-mfc-example.html


discard	firewall policer set firewall policer discard if-exceeding bandwidth-limit 700m set firewall policer discard if-exceeding burst-size-limit 15k set firewall policer discard then discard
forwarding class	forwading-class set class-of-service forwarding-classes class BE-data queue-num 0 set class-of-service forwarding-classes class Premium-data queue-num 1 set class-of-service forwarding-classes class Voice queue-num 2 set class-of-service forwarding-classes class NC queue-num 3
firewall filter	http or tcp/80 > forwarding-class BE-data tcp/12345 > forwarding-class Premium-data firewall filter set firewall family inet filter mf-classifier term BE-data from protocol tcp set firewall family inet filter mf-classifier term BE-data from port http set firewall family inet filter mf-classifier term BE-data then forwarding-class BE-data set firewall family inet filter mf-classifier term BE-data then policer discard set firewall family inet filter mf-classifier term Premium-data from protocol tcp set firewall family inet filter mf-classifier term Premium-data from port 12345 set firewall family inet filter mf-classifier term Premium-data then forwarding-class Premium-data set firewall family inet filter mf-classifier term Premium-data then policer discard set firewall family inet filter mf-classifier term accept then accept


Apply fw filter to interface	apply fw filter to interface set interfaces ge-2/0/5 description to-Host set interfaces ge-2/0/5 unit 0 family inet address 172.16.70.2/30 set interfaces ge-2/0/5 unit 0 family inet filter input mf-classifier