User manual
8-8 Packet Filter
s
Protocol Rules
You can define protocol rules within each protocol section in the
filter file. Protocol rules determine which packets may and may
not access the network.
The rule syntax is:
<line #> <verb> <keyword> <operator> <value>
The combination of keyword, operator, and value forms the
condition which, when combined with the verb, determines
whether the packet is accepted or rejected.
When a packet is filtered, for example an IP packet, the
NETServer parses each rule defined in the IP protocol section
sequentially according to the line number. Filtering is
performed based on the first match that occurs. If there is no
match, by default the packet is accepted. For this reason, you
should order your protocol rules so that the rules you expect to
be most frequently matched are in the beginning of the section.
This reduces the amount of parsing time that occurs during
filtering.