Firewall rule order

Use the Firewall Rules page for the Network IPS appliance to order your firewall rules. The appliance evaluates the list from top to bottom, in the order the rules are listed, and applies the action configured on the rule that matches.

When a connection matches a firewall rule, the appliance applies that rule's action and stops further processing for the connection; it ignores any later firewall rules, including rules that would also have matched. The order of overlapping rules therefore decides which action a connection receives.

Example

Use the following statements to stop all connections to a network segment except for those connections that are destined for a specific port on a specific host:
  • adapter any ip src addr any dst addr 1.2.3.4 tcp dst port 80 (Action = "ignore")
  • adapter any ip src addr any dst addr 1.2.3.1-1.2.3.255 (Action = "drop")

The first rule allows all TCP traffic to port 80 on host 1.2.3.4 to reach the web server as legitimate traffic; because the "ignore" action ends processing for the connection, those connections are never compared against the second rule. Every other connection to the 1.2.3.1-1.2.3.255 range, including traffic to 1.2.3.4 on any port other than 80, falls through to the second rule and is dropped. If you reverse the rule order, the broad drop rule matches first for every connection to the segment, so all traffic to the segment is dropped, even the traffic to the web server on 1.2.3.4; the port 80 rule still exists but can never fire. When you add an allow rule for a specific host or port, check that no earlier rule already covers the same traffic with a different action.
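The following is an added example, not code from the page or from the Network IPS product: a small Python model of the first-match evaluation described above. It parses the two rule statements in the page's own syntax, evaluates some constructed connections against them in the original and in the reversed order, and flags rules that can never fire because an earlier rule already covers everything they match. The "no-match" result for connections that match no rule, the `Connection` fields, and the sample addresses are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Inclusive IPv4 range covering every address, used for "any".
ANY_RANGE = (0, 2**32 - 1)


@dataclass(frozen=True)
class Rule:
    adapter: str          # "any" or an adapter name
    src_lo: int           # source address range, inclusive, as integers
    src_hi: int
    dst_lo: int           # destination address range, inclusive, as integers
    dst_hi: int
    proto: Optional[str]  # "tcp"/"udp", or None for any IP protocol
    dst_port: Optional[int]
    action: str           # e.g. "ignore" or "drop", as configured on the rule


@dataclass(frozen=True)
class Connection:
    """A connection as seen by the appliance (fields are an assumption of this example)."""
    adapter: str
    src: str
    dst: str
    proto: str
    dst_port: int


def parse_addr(text: str) -> Tuple[int, int]:
    """'any', a single IPv4 address, or an inclusive range 'a-b' -> (lo, hi)."""
    if text.lower() == "any":
        return ANY_RANGE
    if "-" in text:
        lo, hi = text.split("-", 1)
        return int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi))
    n = int(ipaddress.IPv4Address(text))
    return n, n


# Grammar of the statements shown on the page: an optional "tcp/udp dst port N" tail.
RULE_RE = re.compile(
    r"adapter\s+(?P<adapter>\S+)\s+ip\s+src\s+addr\s+(?P<src>\S+)\s+dst\s+addr\s+(?P<dst>\S+)"
    r"(?:\s+(?P<proto>tcp|udp)\s+dst\s+port\s+(?P<port>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_rule(statement: str, action: str) -> Rule:
    m = RULE_RE.match(statement.strip())
    if not m:
        raise ValueError(f"unrecognised rule syntax: {statement!r}")
    src_lo, src_hi = parse_addr(m["src"])
    dst_lo, dst_hi = parse_addr(m["dst"])
    proto = m["proto"].lower() if m["proto"] else None
    port = int(m["port"]) if m["port"] else None
    return Rule(m["adapter"].lower(), src_lo, src_hi, dst_lo, dst_hi, proto, port, action.lower())


def matches(rule: Rule, conn: Connection) -> bool:
    if rule.adapter != "any" and rule.adapter != conn.adapter.lower():
        return False
    s = int(ipaddress.IPv4Address(conn.src))
    d = int(ipaddress.IPv4Address(conn.dst))
    if not (rule.src_lo <= s <= rule.src_hi and rule.dst_lo <= d <= rule.dst_hi):
        return False
    if rule.proto is not None and rule.proto != conn.proto.lower():
        return False
    return rule.dst_port is None or rule.dst_port == conn.dst_port


def decide(rules: List[Rule], conn: Connection) -> str:
    """Top-to-bottom evaluation: the first matching rule's action wins, later rules are ignored.
    "no-match" (an assumption of this example) means no firewall rule applied."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action
    return "no-match"


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every connection that matches `inner` also matches `outer`."""
    return (
        (outer.adapter == "any" or outer.adapter == inner.adapter)
        and outer.src_lo <= inner.src_lo and inner.src_hi <= outer.src_hi
        and outer.dst_lo <= inner.dst_lo and inner.dst_hi <= outer.dst_hi
        and (outer.proto is None or outer.proto == inner.proto)
        and (outer.dst_port is None or outer.dst_port == inner.dst_port)
    )


def shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers all their traffic."""
    return [i for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]


# The two rules from the page, in the order the page gives them.
PAGE_RULES = [
    parse_rule("adapter any ip src addr any dst addr 1.2.3.4 tcp dst port 80", "ignore"),
    parse_rule("adapter any IP src addr any dst addr 1.2.3.1-1.2.3.255", "drop"),
]
REVERSED_RULES = list(reversed(PAGE_RULES))

# Constructed sample connections (not from the page).
WEB = Connection("A", "10.0.0.5", "1.2.3.4", "tcp", 80)
SSH_TO_WEB_HOST = Connection("A", "10.0.0.5", "1.2.3.4", "tcp", 22)
OTHER_HOST = Connection("A", "10.0.0.5", "1.2.3.9", "tcp", 80)
OFF_SEGMENT = Connection("A", "10.0.0.5", "1.2.4.4", "tcp", 80)

if __name__ == "__main__":
    for name, conn in [("web", WEB), ("ssh", SSH_TO_WEB_HOST), ("other", OTHER_HOST), ("off", OFF_SEGMENT)]:
        print(f"{name:6} page order -> {decide(PAGE_RULES, conn):8} reversed -> {decide(REVERSED_RULES, conn)}")
    print("shadowed rules in reversed order:", shadowed(REVERSED_RULES))
```

Running the block shows the page's point directly: in the listed order the web connection is ignored and everything else on the segment is dropped, while in the reversed order the web connection is dropped and `shadowed` reports the port 80 rule as unreachable. The same `shadowed` check can be run over a longer exported rule list before it is applied.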