Understanding the Network Access Rule Hierarchy
The rule hierarchy has two basic concepts:
1. Specific rules override general rules.
2. Equally specific Deny rules override Allow rules.
When evaluating rules, the Internet firewall uses the following criteria:
1. A rule defining a specific service is more specific than the Default rule.
2. A defined Ethernet link, such as LAN, WAN, or DMZ, is more specific than * (all).
3. A single IP address is more specific than an IP address range.
Rules are listed in the web management interface window from the most specific to the least specific, and rules at the top override rules listed below.
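
The ordering described above, modelled as an added example (not the firewall's own code): rules are sorted by specificity, Deny is placed above Allow on ties, and the first matching rule decides. The field names, the equal weighting of the three criteria, and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class Rule:
    action: str               # "allow" or "deny"
    service: str = "default"  # "default" marks the Default rule
    link: str = "*"           # "LAN", "WAN", "DMZ" or "*" (all)
    dst: tuple = None         # None = any address, else (first_ip, last_ip)

def specificity(r):
    # Assumption: one point per criterion; the page does not rank them.
    score = (r.service != "default") + (r.link != "*")
    if r.dst is not None:
        score += 2 if r.dst[0] == r.dst[1] else 1  # single IP beats a range
    return score

def ordered(rules):
    # Most specific first; among equally specific rules, deny sorts above allow.
    return sorted(rules, key=lambda r: (-specificity(r), r.action != "deny"))

def matches(r, service, link, ip):
    if r.service not in ("default", service) or r.link not in ("*", link):
        return False
    if r.dst is None:
        return True
    return ip_address(r.dst[0]) <= ip_address(ip) <= ip_address(r.dst[1])

def evaluate(rules, service, link, ip):
    # Rules at the top override rules below: the first match decides.
    for r in ordered(rules):
        if matches(r, service, link, ip):
            return r.action
    return None  # no rule matched

# Constructed sample rule set (addresses and services are illustrative).
RULES = [
    Rule("allow", link="LAN"),
    Rule("deny", link="WAN"),
    Rule("deny", "HTTP", dst=("192.168.1.10", "192.168.1.20")),
    Rule("allow", "HTTP", dst=("192.168.1.15", "192.168.1.15")),
    Rule("allow", "FTP", "WAN"),
    Rule("deny", "FTP", "WAN"),
]

if __name__ == "__main__":
    for r in ordered(RULES):
        print(specificity(r), r)
```

Reviewing a rule set this way shows which broader rule a narrow exception shadows, and where an equally specific Deny silently wins over an Allow.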