In addition to this basic information, a firewall rule answers questions such as when and to what it is to be applied, and what actions should be executed, if any:
- Connection: Which stations/networks and services/protocols does the rule refer to?
- Conditions: Is the effectiveness of the rule restricted by other conditions?
- Trigger (limit): When reaching which thresholds should the rule trigger?
- Packet action: What should happen to the data packets when the condition is met and the threshold is reached?
- Further measures: Should other measures be initiated in addition to the packet action?
- Quality of Service (QoS): Are data packets for particular applications, or with the corresponding markings, given preferential treatment by Quality of Service?
Note: Condition, trigger, packet action, and further measures are collectively known as the “action set”. Each firewall rule can contain several action sets. If the same trigger is used for several action sets, the order of the action sets can be adjusted.
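The following is an added illustration, not code from the original documentation or from any firewall product: a minimal model of a rule as a connection part plus an ordered list of action sets, each with its own condition, trigger threshold, packet action and further measures. The network addresses, service names and the "syslog" measure are constructed for the example; QoS is left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple

@dataclass
class Packet:
    src: str
    dst: str
    service: str
    dscp: int = 0                  # DSCP marking, usable as an extra condition

@dataclass
class ActionSet:                   # condition + trigger + packet action + measures
    name: str
    condition: Callable[[Packet], bool]
    limit: int                     # trigger: fires once this many packets were seen
    packet_action: str             # "accept", "reject" or "drop"
    further_measures: Tuple[str, ...] = ()
    count: int = 0                 # running counter towards the limit

@dataclass
class Rule:                        # connection part: networks and services covered
    src_nets: List[str]
    dst_nets: List[str]
    services: List[str]
    action_sets: List[ActionSet]

def in_any(addr: str, nets: List[str]) -> bool:
    return any(ip_address(addr) in ip_network(n) for n in nets)

def apply_rule(rule: Rule, pkt: Packet) -> Optional[Tuple[str, List[str]]]:
    """Return (packet_action, further_measures), or None if nothing fires."""
    if not (in_any(pkt.src, rule.src_nets) and in_any(pkt.dst, rule.dst_nets)
            and pkt.service in rule.services):
        return None                        # connection part does not match
    for aset in rule.action_sets:          # action sets are tried in their order
        if not aset.condition(pkt):
            continue                       # condition restricts this action set
        aset.count += 1
        if aset.count >= aset.limit:       # trigger threshold reached
            return aset.packet_action, list(aset.further_measures)
    return None

def demo_rule() -> Rule:
    # Constructed rule: HTTP from the LAN. Unmarked traffic is dropped and logged
    # from the 3rd packet on; DSCP-marked traffic skips that action set.
    return Rule(["192.168.1.0/24"], ["0.0.0.0/0"], ["HTTP"], [
        ActionSet("burst-guard", lambda p: p.dscp == 0, limit=3,
                  packet_action="drop", further_measures=("syslog",)),
        ActionSet("default-accept", lambda p: True, limit=1, packet_action="accept")])
```

Swapping the two action sets in the list changes the outcome for the first two packets, which is the ordering effect the note above refers to.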
In the section "How the firewall inspects data packets" we have already shown that the lists used to check the data packets are ultimately built from the firewall rules. In more detail, the block diagram appears as follows: