26 IP F ILTERS COMMANDSOverview This section describes the IP Filters commands accessible from the CLI. IP filters areused in IP networks that cross organizational or corporate boundaries. Theycontrol inter-network data transmission by accepting or rejecting passage ofspecific packets through network interfaces based on information in the packetheader.IP filtering provides a form of tunnel access control. IP filters can also be used withLAN and PVC interfaces.IP FilterComponentsEach IP filter consists of: A default action to take when an IP packet does not match any of the rulesspecified for the IP filter. A set of rules that determine which IP packets may access a network interface.Before an IP packet is transmitted onto a network interface, IP filtering analyzesthe packet header information using the set of rules added to the filter specifiedfor the interface. Based on the rules, the packet is either accepted or discarded.IP filtering is performed based on the first matching rule that is found. IP filteringsearches for a matching rule in rule number order. For this reason, you shouldorder your rules so that the rules you expect to be matched most often have thelowest rule numbers. This will reduce the time spent in IP filtering.Refer to the Packet Filters chapter for more information on filters, includingsample filter files.CLI Commands The following table identifies the IP Filters commands described in this chapter.CommandTypeCommand NameAdd add ip filter default_action[accept | reject]add ip rule Delete delete ip filter delete ip rule filter List list ip filters