PrepAway - Latest Free Exam Questions & Answers

Which three types of firewall filters are supported on EX Series switches? (Choose three.)


A. router filters

B. switch filters

C. source filters

D. VLAN filters

E. port filters

Explanation:
The following firewall filter types are supported for EX-series switches:

Port (Layer 2) firewall filter
Port firewall filters apply to Layer 2 switch ports. You can apply port firewall filters only in the ingress direction on a physical port.
Example.

    ge-0/0/0 {
        description "voice priority and tcp and icmp traffic rate-limiting filter at ingress port";
        unit 0 {
            family ethernet-switching {
                filter {
                    input ingress-port-voip-class-limit-tcp-icmp;
                }
            }
        }
    }

VLAN firewall filter
VLAN firewall filters provide access control for packets that enter a VLAN, are bridged within a LAN, and leave a VLAN. You can apply VLAN firewall filters in both ingress and egress directions on a VLAN. VLAN firewall filters are applied to all packets that are forwarded to or forwarded from the VLAN.
Example.

    vlans {
        guest-vlan {
            description "restrict guest-to-employee traffic and peer-to-peer applications on guest VLAN";
            filter {
                input ingress-vlan-limit-guest;
            }
        }
    }

Router (Layer 3) firewall filter
You can apply a router firewall filter in both ingress and egress directions on Layer 3 (routed) interfaces.
Example.

    ge-0/1/0 {
        unit 0 {
            description "filter at egress router interface to expedite employee traffic destined for corporate network";
            family inet {
                filter {
                    output egress-router-corp-class;
                }
            }
        }
    }

NOTE:
To apply a firewall filter, you must:
1. Configure the firewall filter.
2. Apply the firewall filter to a port, VLAN, or router interface.
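
The two steps from the NOTE shown together for the guest VLAN case, as an added example that is not part of the original explanation or of Juniper's documentation. The filter name is the one used in the VLAN example above; the term names and the 192.0.2.0/24 employee subnet are constructed placeholders.

```junos
firewall {
    /* Step 1: configure the filter. Port and VLAN filters are
       defined under family ethernet-switching. */
    family ethernet-switching {
        filter ingress-vlan-limit-guest {
            /* term name and subnet are assumptions for illustration */
            term block-guest-to-employee {
                from {
                    destination-address {
                        192.0.2.0/24;
                    }
                }
                then discard;
            }
            /* explicit accept: a filter ends with an implicit discard,
               so without this term all other guest traffic is dropped */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
vlans {
    guest-vlan {
        /* Step 2: apply the filter to the VLAN in the ingress direction */
        filter {
            input ingress-vlan-limit-guest;
        }
    }
}
```

A filter that is configured but never referenced under a port, VLAN, or routed interface has no effect on traffic, which is why both steps are required.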

Firewall Filter Types
In addition to standard firewall filters, the Junos OS firewall filter implementation also supports two other firewall filter types: service filters and simple filters.

Service Filters
Service filters enable you to define filters associated with a defined set of services. Service filters are supported on services interfaces, which provide specific capabilities for manipulating traffic before it is delivered to its destination. You use service filters to refine the target of the set of services and also to process traffic. Only IPv4 and IPv6 traffic are supported on service filters. No other protocol families are supported.

Simple Filters
Simple filters are supported on Gigabit Ethernet intelligent queuing (IQ2) and Enhanced Queuing Dense Port Concentrator (EQ DPC) interfaces only. Unlike standard filters, simple filters support IPv4 traffic only and have a number of restrictions. For example, you cannot configure a terminating action for a simple filter. Simple filters always accept packets. Also, simple filters can be applied only as input filters. They are not supported on outbound traffic. Simple filters are recommended for metropolitan Ethernet applications.
