Four sample filter rules are shown here. Each of them is explained in detail
below.
   deny   0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80  non-secure local both l=no  f=no
   permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80  secure     local both l=yes f=no
   deny   0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 161 both       both  both l=yes
   permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0  both       both  both
Rule 1
Field by field, this rule reads: action deny; source address and mask 0.0.0.0 0.0.0.0 (any source); destination address and mask 0.0.0.0 0.0.0.0 (any destination); protocol tcp; source port any (the following 0 is only a placeholder); destination port eq 80; interface non-secure; routing local (traffic addressed to or originating from the firewall host itself, as opposed to traffic routed through it); direction both; l=no (matches are not logged); f=no (the fragment-handling flag).
Port 80 is the standard HTTP port, so this rule is most likely intended to stop a web server running on the firewall host from being reached over the non-secure interface. Note that the rule matches on the destination port only: it blocks inbound requests to port 80 on the non-secure interface and, because the direction is both, outbound connections from the firewall host to external web servers. A reply from the local web server would carry 80 as its source port and would not match this rule, but since no request gets through, no such reply is ever generated.
Rule 2
This rule is identical to Rule 1, with three exceptions: it permits traffic instead of denying it; it applies to secure interfaces rather than non-secure interfaces; and it logs all traffic that it matches.
Without that last difference (the l=yes parameter), this rule would be unnecessary, because Rule 4 permits all traffic which has no other matching rule anyway.
So the only real purpose of this rule is to log web traffic between the firewall host and the secure network.
Rule 3
Field by field: action deny; any source; any destination; protocol udp; source port any; destination port eq 161; interface both; routing both; direction both; l=yes (every match is logged).
Because the interface and routing fields are both set to both, this rule applies on every interface and to routed traffic as well as traffic to or from the firewall host itself. If this system is the gateway for a secure network, such traffic is therefore prevented from either entering or leaving that network, and each blocked packet is logged.
Port 161 is the SNMP agent port: it is where SNMP agents receive GetRequest, GetNextRequest and SetRequest messages, which are carried over UDP. SNMP traps (the Trap-PDU) are sent to port 162, not 161, so this rule blocks SNMP management queries of devices, not traps; blocking traps as well would require a similar rule for UDP port 162.
Rule 4
This rule simply permits everything. Rules are evaluated in order and the first match wins, so it must be placed at the end of the file, where it applies only to traffic that no previous rule has matched. Any rule placed below this one would never be reached and would therefore be meaningless.
Using this rule creates a policy of 'permit by default'; leaving it out would cause the firewall to fall back to its standard 'deny by default' policy, under which any packet that matches no rule is dropped.
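To make the first-match semantics described above concrete, here is a small evaluator, written as an added example rather than taken from the page or from any firewall product, that parses the four sample rules and decides what happens to a handful of constructed packets. It assumes the field order used in the rules above (action, source address and mask, destination address and mask, protocol, source-port operator and port, destination-port operator and port, interface, routing, direction, then optional l= and f= flags), that a 0.0.0.0 mask matches any address, and that unmatched traffic is denied. The Packet class and the sample addresses are inventions for the demonstration.

```python
"""Toy first-match evaluator for the sample filter rules (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the four sample rules from the text, one per line.
RULES_TEXT = """
deny   0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80  non-secure local both l=no  f=no
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80  secure     local both l=yes f=no
deny   0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 161 both       both  both l=yes
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0  both       both  both
"""


@dataclass(frozen=True)
class Rule:
    action: str
    src_addr: int
    src_mask: int
    dst_addr: int
    dst_mask: int
    proto: str
    sport_op: str
    sport: int
    dport_op: str
    dport: int
    iface: str
    routing: str
    direction: str
    log: bool


@dataclass(frozen=True)
class Packet:
    """Hypothetical packet summary; the firewall would derive this from headers."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    iface: str       # 'secure' or 'non-secure'
    routing: str     # 'local' (to/from the firewall itself) or 'route' (forwarded)
    direction: str   # 'inbound' or 'outbound'


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_rule(line: str) -> Rule:
    """Split one rule line into fields; trailing l=/f= flags are optional (assumed)."""
    f = line.split()
    if len(f) < 13:
        raise ValueError(f"malformed rule: {line!r}")
    opts = dict(o.split("=", 1) for o in f[13:])
    return Rule(
        action=f[0],
        src_addr=_ip(f[1]), src_mask=_ip(f[2]),
        dst_addr=_ip(f[3]), dst_mask=_ip(f[4]),
        proto=f[5],
        sport_op=f[6], sport=int(f[7]),
        dport_op=f[8], dport=int(f[9]),
        iface=f[10], routing=f[11], direction=f[12],
        log=opts.get("l", "no").lower() in ("yes", "y"),
    )


def parse_rules(text: str) -> List[Rule]:
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


_PORT_OPS = {
    "any": lambda p, v: True,
    "eq": lambda p, v: p == v,
    "neq": lambda p, v: p != v,
    "lt": lambda p, v: p < v,
    "gt": lambda p, v: p > v,
    "le": lambda p, v: p <= v,
    "ge": lambda p, v: p >= v,
}


def matches(rule: Rule, pkt: Packet) -> bool:
    # Address fields: (packet & mask) must equal (rule address & mask); mask 0 matches all.
    if (_ip(pkt.src) & rule.src_mask) != (rule.src_addr & rule.src_mask):
        return False
    if (_ip(pkt.dst) & rule.dst_mask) != (rule.dst_addr & rule.dst_mask):
        return False
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if not _PORT_OPS[rule.sport_op](pkt.sport, rule.sport):
        return False
    if not _PORT_OPS[rule.dport_op](pkt.dport, rule.dport):
        return False
    # interface, routing and direction: 'both' is a wildcard, otherwise exact match
    for want, got in ((rule.iface, pkt.iface), (rule.routing, pkt.routing),
                      (rule.direction, pkt.direction)):
        if want != "both" and want != got:
            return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, bool, Optional[int]]:
    """First matching rule wins; with no match the firewall denies by default."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, rule.log, i
    return "deny", False, None


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    # Constructed sample traffic: an inbound HTTP request to the firewall's own
    # non-secure side, and an SNMP query being forwarded into the secure network.
    for pkt in (Packet("203.0.113.5", "192.0.2.1", "tcp", 40000, 80, "non-secure", "local", "inbound"),
                Packet("203.0.113.5", "10.1.1.20", "udp", 40000, 161, "non-secure", "route", "inbound")):
        print(pkt.proto, pkt.dport, "->", evaluate(rules, pkt))
```

Running the evaluator with the fourth rule removed (rules[:3]) shows the 'deny by default' fallback: traffic that matches none of the first three rules comes back as denied with no rule index. It also shows why Rule 1 only stops requests: a reply from the local web server carries 80 as its source port, matches neither of the port-80 rules and falls through to Rule 4.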