You can create filter rules to refer to various portions of IP, TCP, UDP, and ICMP headers.
The following list includes the fields you refer to in a filter rule that make up the IP packet header:
For example, you can create and activate a rule that filters a packet based on the destination IP address, source IP address, and direction (inbound). In this case, the system matches all incoming packets (according to their origin and destination addresses) with corresponding rules. Then the system takes the action that you specified in the rule. The system discards any packets that are not permitted in your filter rules. This is called the default deny rule.