The following commands will show you the current TCAM usage on a QFX series switch. Especially for QFX5100 devices, the TCAM is very small and only a limited number of firewall filters can be installed. If the TCAM is full you will have issues such as the loopback firewall filter allowing all traffic.
Summary
Use the command show pfe filter hw summary to view a summary of the TCAM usage.
Detail
Log into fpc0 and use show filter hw 3 show_term_info:
> start shell
% vty fpc0
TFXPC0(vty)# show filter
Program Filters:
---------------
Index Dir Cnt Text Bss Name
-------- ------ ------ ------ ------ --------
Term Filters:
------------
Index Semantic Name
-------- ----------------
1 Classic accept-only
2 Classic classify-accept
3 Classic protect-re
...
TFXPC0(vty)# show filter hw 3 show_term_info
======================
Filter index : 3
======================