you can configure up to 12 filter sets, each with up to six rules. for ip packets, these rules involve comparing the protocol type of a data packet (for example, tcp, udp), source or destination address, or port number. also, a generic filter may be defined to merely test for a byte or pattern of bytes in a particular location in the packet. when a rule is met (or not met), a user-specified action is taken. this action may be to forward the packet, drop the packet, or go to the next rule.

    when implementing these filter sets, you can link up to four of the filter sets to screen the data packet. therefore, with each filter set having up to six rules, you can have a maximum of 24 rules active for a single filtering application.