Configuring rules

Filter rules are configured by creating rule definitions in the file

    %ETC%\SECURITY\FWFILTRS.CNF

where %ETC% is the directory indicated by the environment variable ETC.

Each rule occupies a single line in this file, where the top-most rule has the highest precedence, and the last rule has the lowest precedence.

Once the rules have been configured, you must make them 'active' by using the command

    cfgfilt -u

to load the rules into the firewall filter driver. (This replaces all currently-active rules with the contents of the rule configuration file.)

How it works

When determining whether an IP packet should be permitted or denied, the firewall filter driver starts by checking the packet against the first active rule. The packet is compared to the criteria which the rule defines; if there is a match, then the rule's specified action (either 'permit' or 'deny') is applied to the packet. If the packet does not match the rule, then the filter driver moves on to the next rule down the list, and repeats the process.

If, when all the rules have been checked, the packet does not match any of them, then the packet is denied.
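The top-down, first-match evaluation with an implicit final deny described above can be modelled in a few lines. This is an added illustration, not code or syntax from this documentation: the rule fields (action, proto, src, dst, dport), the rule set and the packets are all constructed for the example and are not the FWFILTRS.CNF rule syntax, which is documented separately.

```python
# Added example: first-match packet filter evaluator with default deny.
# The Rule fields below are a constructed, simplified representation,
# NOT the FWFILTRS.CNF syntax.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                  # 'permit' or 'deny'
    proto: str = "any"           # 'tcp', 'udp', 'icmp' or 'any'
    src: str = "0.0.0.0/0"       # source network (CIDR)
    dst: str = "0.0.0.0/0"       # destination network (CIDR)
    dport: Optional[int] = None  # destination port, None = any port

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))

def evaluate(rules: list, pkt: dict) -> tuple:
    """Walk the ordered rule list from the top; the first matching rule
    decides. If no rule matches, the packet is denied (implicit deny).
    Returns (action, index of the deciding rule, or None)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None

# Constructed rule set: the top-most rule has the highest precedence, so
# the broad deny in position 1 cannot block SSH already permitted by rule 0,
# but it does shadow the permit for port 80 in position 2.
RULES = [
    Rule("permit", "tcp", "10.0.0.0/8", "192.168.1.10/32", 22),
    Rule("deny", "any", "10.0.5.0/24"),
    Rule("permit", "tcp", "10.0.0.0/8", "192.168.1.10/32", 80),
]

def example() -> tuple:
    """Three constructed packets: permitted, denied by rule 1, default-denied."""
    ssh = {"proto": "tcp", "src": "10.0.5.7", "dst": "192.168.1.10", "dport": 22}
    web = {"proto": "tcp", "src": "10.0.5.7", "dst": "192.168.1.10", "dport": 80}
    dns = {"proto": "udp", "src": "172.16.0.1", "dst": "192.168.1.10", "dport": 53}
    return evaluate(RULES, ssh), evaluate(RULES, web), evaluate(RULES, dns)
```

When auditing a rule file, this is the check to run: a rule that no packet can reach because an earlier, broader rule always matches first is shadowed, and a packet that reaches the end of the list is dropped regardless of intent.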
