Filter Policies
7750 SR OS Router Configuration Guide Page 291
Ordering Filter Entries
When entries are created, they should be arranged sequentially from the most explicit entry to the
least explicit. Filter matching ceases when a packet matches an entry. The entry action is
performed on the packet, either drop or forward. To be considered a match, the packet must meet
all the conditions defined in the entry.
Packets are compared to entries in a filter policy in an ascending entry ID order. To reorder entries
in a filter policy, edit the entry ID value; for example, to reposition entry ID 6 to a more explicit
location, change the entry ID 6 value to entry ID 2.
When a filter consists of a single entry, the filter executes actions as follows:
If a packet matches all the entry criteria, the entry’s specified action is performed (drop or
forward).
If a packet does not match all of the entry criteria, the policy’s default action is performed.
If a filter policy contains two or more entries, packets are compared in ascending entry ID order (1,
2, 3 or 10, 20, 30, etc.):
Packets are compared with the criteria in the first entry ID.
If a packet matches all the properties defined in the entry, the entry’s specified action is
executed.
If a packet does not completely match, the packet continues to the next entry, and then
subsequent entries.
If a packet does not completely match any subsequent entries, then the default action is
performed.