Firewall rules explicitly define which packets will and will not be allowed through a network interface.
Packets that match a rule can be allowed through, silently thrown away, or thrown away with an error indication returned to the sender.
A rule is based on the specific network interface, protocol, source and destination addresses, TCP and UDP service port numbers, TCP state flags, ICMP message types and codes, and whether the packet is incoming or outgoing.
Firewall rules are defined separately for a network interface's input queue and its output queue. The firewall independently filters what comes in and what goes out through an interface.
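The matching behaviour described above, as an added example that is not part of the original slide: a small Python model of per-interface input and output rule lists with the three possible outcomes. The rule order (first match decides), the silent-discard default, the interface name `eth0` and the sample addresses are assumptions, not taken from the page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ACCEPT, DENY, REJECT = "accept", "deny", "reject"  # pass / silent discard / discard + error

@dataclass
class Packet:
    iface: str
    direction: str                   # "in" or "out"
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    syn_only: bool = False           # TCP SYN set, ACK clear: a new connection request
    icmp_type: Optional[int] = None

@dataclass
class Rule:                          # None or 0.0.0.0/0 means "match anything"
    action: str
    proto: Optional[str] = None
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    syn_only: Optional[bool] = None
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.syn_only is None or self.syn_only == p.syn_only)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type))

def filter_packet(chains, p, default=DENY):
    # Chains are keyed by (interface, direction), so input and output are filtered independently.
    for rule in chains.get((p.iface, p.direction), []):
        if rule.matches(p):
            return rule.action       # assumption: the first matching rule decides
    return default                   # assumption: unmatched packets are silently discarded

# Constructed sample rule set for a hypothetical external interface "eth0".
CHAINS = {
    ("eth0", "in"): [Rule(REJECT, proto="tcp", dport=113),
                     Rule(ACCEPT, proto="tcp", dst="192.0.2.10/32", dport=80),
                     Rule(ACCEPT, proto="icmp", icmp_type=0)],
    ("eth0", "out"): [Rule(ACCEPT, proto="tcp", src="192.0.2.10/32", syn_only=False),
                      Rule(ACCEPT, proto="icmp", icmp_type=8)],
}
```

The output list accepts only TCP packets that are not new connection requests, so replies from the sample host pass while a connection it tries to open outward is discarded, even though the same host and port pair is accepted on input.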