“dfwc_bitfield: “82” is an invalid option commit error

This article describes the issue of the “dfwc_bitfield: “82” is an invalid option error message being generated, when a specific numeric value is committed as a match condition in a firewall filter.

If you try to commit a specific numeric value, such as 82, as a match condition in a firewall filter, the following error message is generated:

The ability to match by numerical value in ip-options has been removed from Junos 10.1 or later. Only the following options can be defined:

The ability to match by numerical value in ip-options has been removed from Junos 10.1 or later. It was observed that although prior to JUNOS 10.1, it was possible to configure to match on ip-option 82, it was actually matching on any ip-option. So, instead of matching the specific ip-option defined in the filter, it was matching all the packets.

The removal of the ip-option 82 keyword did not actually remove any pre-existing functionality from Junos.

About the author

Prasanna

Leave a Comment