Order Of Precedence For Firewall Rules - NETGEAR ProSafe FVS338 Reference Manual

FVS338 ProSafe VPN Firewall 50 Reference Manual
Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to the Acceptable Use
Policy of your ISP.
Remember that allowing inbound services opens holes in your VPN firewall. Only enable those
ports that are necessary for your network. It is also advisable to turn on the server application
security and invoke the user password or privilege levels, if provided.

Order of Precedence for Firewall Rules

As you define new rules, they are added to the tables in the Rules menu, as shown in
Figure 4-1
For any traffic attempting to pass through the firewall, the packet information is subjected to the
rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules
at the bottom. In some cases, the order of precedence of two or more rules may be important in
determining the disposition of a packet. For example, you should place the most strict rules at the
top (those with the most specific services or addresses). The Up and Down buttons allow you to
relocate a defined rule to a new position in the table.
4-6 Firewall Protection and Content Filtering
v1.0, September 2006
Figure 4-1