826 Configuring IP Firewall Filters for an interfaceN0008589 3.3Configuring the order of the input filters for an interfaceAfter you enter all of the input filters, you need to set the order in which the filters are used.The order of the input filter rules is very important. The more specific rules, such as rules forspecific port numbers and addresses, should be placed first. TCP and UDP rules are typically morespecific and should be first. Rules for just the IP protocol should be placed last, because theytypically ignore port numbers and only match on IP addresses.The following two examples show how the order of the rules affects what traffic can pass throughthe IP Firewall.Example 1: Rule 1 is configured to Pass TCP protocol 25 from any IP address to 10.10.10.20.Rule 2 is configured to Block any TCP protocol from any IP address to any IP address. If Rule 2 isplaced before Rule 1, then Rule 1 will never be reached because all TCP protocol 25 packetsdestined for IP address 10.10.10.20 will be blocked by Rule 2 first.Example 2: Rule 1 is configured to Pass TCP protocol 6800 from IP address 192.168.10.20 to IPaddress 10.10.10.20. Rule 2 is configured to Block all IP protocols from any IP address to any IPaddress. If Rule 2 is placed before Rule 1, all TCP packets will match Rule 2 first and will beblocked.To configure the order of the input filters:1 Click the Input Rules’ Filter Order tab.The Input Rules’ Filter Settings screen appears.2 Type in the Input Filter Rule Order for the interface you are configuring.3 Press the Tab key to save your settings.
