Apart from this basic information, a Firewall rule answers the questions of when and to what it applies and which actions are to be executed:
- Stations / Service: To which stations/networks and services/protocols does the rule refer?
- Conditions: Is the effectiveness of the rule restricted by further conditions?
- Trigger: On exceeding which threshold is the rule triggered?
- Action: What happens to the data packets when the condition applies and the threshold is reached?
- Further measures: Should further measures be initiated in addition to the packet action?
- Quality of Service (QoS): Are data packets of certain applications, or packets carrying the corresponding markings, transferred preferentially by guaranteeing a particular Quality of Service?
Note: Condition, threshold, packet action and further measures together form a so-called “action set”. Each Firewall rule can contain several action sets. If the same trigger is used for several action sets, the sequence of the action sets can be adjusted.
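To make the rule structure above concrete, the following is an added example written for this page; it is not code from the manual or from the product it describes. It models a Firewall rule as a stations/service selector plus an ordered list of action sets (condition, trigger threshold, packet action, further measures) and runs constructed sample packets through it. The class names, the sample addresses and rules, the DSCP value used as a QoS marking, the meaning of `qos_priority` and the evaluation semantics ("first action set whose trigger fires decides; a matched rule whose triggers are not reached falls through to the next rule") are all assumptions made for illustration.

```python
# Added example (not from the manual): a hypothetical model of a firewall rule
# built from the elements listed above. Class names, evaluation order and the
# "first action set whose trigger fires decides" semantics are assumptions.
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    dscp: int = 0        # QoS marking carried by the packet (46 = EF, typical for VoIP)
    iface: str = "wan"   # ingress interface, used by a condition below


@dataclass
class ActionSet:
    """Condition + trigger threshold + packet action + further measures."""
    condition: Callable[[Packet], bool]           # restricts when the set applies
    threshold: int                                # trigger: fires on the n-th matching packet
    action: str                                   # packet action: "accept" or "drop"
    further_measures: List[str] = field(default_factory=list)  # e.g. "log", "alert"
    hits: int = 0                                 # packets seen so far that met the condition

    def fires(self, pkt: Packet) -> bool:
        if not self.condition(pkt):
            return False
        self.hits += 1
        return self.hits >= self.threshold


@dataclass
class Rule:
    """Stations/service selector plus an ordered list of action sets."""
    name: str
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int]                 # None = any port
    action_sets: List[ActionSet]
    qos_priority: Optional[int] = None   # assumed: lower number = higher-priority queue

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and pkt.proto == self.proto
                and (self.dport is None or pkt.dport == self.dport))


@dataclass
class Decision:
    rule: Optional[str]
    action: str
    measures: List[str]
    qos_priority: Optional[int]


def check_packet(rules: List[Rule], pkt: Packet, default: str = "drop") -> Decision:
    """Walk the rule list in order; the first action set whose trigger fires decides."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        for aset in rule.action_sets:      # order matters when triggers overlap
            if aset.fires(pkt):
                return Decision(rule.name, aset.action, list(aset.further_measures),
                                rule.qos_priority)
        # stations/service matched but no trigger reached: fall through to later rules
    return Decision(None, default, [], None)


def build_rules() -> List[Rule]:
    # Constructed sample rules. In the SSH rule the "drop after 5 packets from WAN"
    # set is placed before the unconditional "accept" set; swap them and the
    # threshold would never be reached, because "accept" fires on every packet.
    ssh = Rule("ssh-in", "0.0.0.0/0", "10.0.0.0/24", "tcp", 22, [
        ActionSet(lambda p: p.iface == "wan", 5, "drop", ["log", "alert"]),
        ActionSet(lambda p: True, 1, "accept"),
    ])
    voip = Rule("voip-out", "10.0.0.0/24", "0.0.0.0/0", "udp", None, [
        ActionSet(lambda p: p.dscp == 46, 1, "accept"),
    ], qos_priority=1)
    return [ssh, voip]


def simulate() -> List[Decision]:
    """Run constructed sample packets through the rules and return the decisions."""
    rules = build_rules()
    pkts = [Packet("203.0.113.7", "10.0.0.5", "tcp", 22) for _ in range(6)]   # SSH burst
    pkts.append(Packet("10.0.0.9", "198.51.100.2", "udp", 5060, dscp=46, iface="lan"))
    pkts.append(Packet("10.0.0.9", "198.51.100.2", "udp", 53, iface="lan"))   # no EF marking
    return [check_packet(rules, p) for p in pkts]


if __name__ == "__main__":
    for i, d in enumerate(simulate(), 1):
        print(f"packet {i}: {d.action} by {d.rule} measures={d.measures} qos={d.qos_priority}")
```

The first four SSH packets are accepted by the second action set, the fifth reaches the threshold of the first set and is dropped with "log" and "alert" as further measures; the EF-marked UDP packet is accepted with the rule's QoS priority, while the unmarked one matches the rule's stations/service but no trigger and falls back to the default. Reordering the two SSH action sets changes the outcome, which is why the sequence of action sets sharing a trigger has to be adjustable.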
In section we have already described that the lists for checking data packets are ultimately created from Firewall rules. The extension of the block diagram thus looks as follows: