Chapter 5 Advanced IP configuration 143
Using the BayStack Instant Internet Management Software Version 7.11

You can create filters that form templates for performing a particular type of filtering. The reason for creating filters and then applying them to an interface, instead of just applying them directly to an interface, is that this method provides inherent consistency and allows you to apply the same list of rules to multiple interfaces without having to ensure consistency each time.

After you create a filter, you can apply it as an input filter or an output filter. For details, refer to “Applying a filter to an interface” on page 148.

Processing a packet through an IP filter

When a packet is “dropped into” the top of the stack of filters, the matching criteria at each filter are applied. If a match occurs, the specified permit or deny action is executed. If a match does not occur, the packet “drops down” to the next filter in the stack and the matching process is applied again.

If a packet drops through all the filters and a match never occurs, Instant Internet has to know what to do with the packet. There must be a default action. The default action could be either to permit all packets that do not match or to deny them. The default action in Instant Internet is to deny these types of packets. Any packet that is referred to a filter list but does not find a match is automatically dropped.

This last default filter is called an implicit deny any filter. As the name implies, the line does not show up in any filter list you build. It is simply a default action and it exists at the end of any and all filter lists.

You can, however, override this implicit deny filter by making the last line of the list an explicit permit any filter. Packets dropping through all the other filters will match the explicit permit any filter before they get to the default implicit deny any filter. Therefore all packets not matching anything else are permitted and nothing ever reaches the implicit deny.

Filter lists are executed sequentially, from the top down. This concept is important. Perhaps the most common cause of malfunctioning filter lists is putting the individual filtering lines in the wrong sequence.
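
The top-down, first-match processing described above, modeled in Python as an added example (it is not part of the Instant Internet manual or software). The rule shape, addresses and function names are assumptions constructed for illustration; the model shows the implicit deny, the explicit permit any override, and a check for lines that can never fire because of their position.

```python
from ipaddress import ip_address, ip_network

# Assumed rule shape: (action, source network, protocol, destination port).
# None means "any" for protocol and port.
ANY = ip_network("0.0.0.0/0")

def matches(rule, pkt):
    _, src, proto, port = rule
    return (ip_address(pkt["src"]) in src
            and proto in (None, pkt["proto"])
            and port in (None, pkt["dport"]))

def evaluate(rules, pkt):
    """Top-down, first match wins. Returns (action, matching line number)."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule[0], n
    return "deny", None  # implicit deny any: appears in no list

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (b[1].subnet_of(a[1])
            and a[2] in (None, b[2])
            and a[3] in (None, b[3]))

def shadowed(rules):
    """Line numbers fully covered by one earlier line (pairwise check only)."""
    return [j + 1 for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

LAN = ip_network("192.168.1.0/24")
# Constructed sample lists: the same two lines in different order.
correct = [("deny", LAN, "tcp", 23), ("permit", LAN, None, None)]
wrong_order = [("permit", LAN, None, None), ("deny", LAN, "tcp", 23)]
with_permit_any = correct + [("permit", ANY, None, None)]

# Constructed sample packets.
telnet = {"src": "192.168.1.10", "proto": "tcp", "dport": 23}
outsider = {"src": "203.0.113.7", "proto": "udp", "dport": 53}

if __name__ == "__main__":
    for name, rules in [("correct", correct), ("wrong_order", wrong_order),
                        ("with_permit_any", with_permit_any)]:
        print(name, evaluate(rules, telnet), evaluate(rules, outsider),
              shadowed(rules))
```

In `wrong_order` the broad permit on line 1 matches the Telnet packet first, so the deny on line 2 is reported as shadowed and never takes effect.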