Ordering the firewall rule list

When you create or customize a firewall rules policy, place the most specific rules at the top of the list and more general rules at the bottom. Host Intrusion Prevention applies the first rule in the list that matches the traffic, so this ordering ensures that an exception rule is evaluated before the more general rule it is meant to override, rather than being skipped because the general rule matched first.

For example, to block all HTTP requests except those from IP address 10.10.10.1, you need to create two rules: a Permit Rule that allows HTTP requests from 10.10.10.1, and a Block Rule that blocks all HTTP requests.

You must place the more specific Permit Rule higher in the firewall rule list than the more general Block Rule. This ensures that when the firewall intercepts an HTTP request from address 10.10.10.1, the first matching rule it finds is the one that allows this traffic through the firewall.

If you placed the more general Block Rule higher than the more specific Permit Rule, Host Intrusion Prevention would match the HTTP request from 10.10.10.1 against the Block Rule before it found the exception. It would block the traffic, even though you really wanted to allow HTTP requests from this address.
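The following is an added example, not code from the McAfee Host Intrusion Prevention product or its documentation. It models a first-match rule list with the two rules described above and shows both orderings: with the Permit Rule on top, 10.10.10.1 is allowed and everyone else is blocked; with the Block Rule on top, the Permit Rule never fires. It also includes a shadowing check that flags any rule placed below an earlier rule that already covers all of its traffic, which is the general form of the mistake this section warns about. The rule fields (protocol, source network, destination port), the rule names, the modelling of "HTTP" as TCP destination port 80, and the sample packets are all assumptions made for illustration.

```python
"""First-match firewall rule evaluation and a shadowed-rule check.

Added example, not McAfee Host Intrusion Prevention code. HTTP is modelled
as TCP to destination port 80; rule names and packet values are constructed.
"""
from dataclasses import dataclass
import ipaddress
from typing import List, Optional, Tuple

ANY = None  # wildcard for protocol, source network or destination port


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "permit" or "block"
    protocol: Optional[str] = ANY    # e.g. "tcp"
    src: Optional[str] = ANY         # CIDR, e.g. "10.10.10.1/32"
    dst_port: Optional[int] = ANY

    def matches(self, proto: str, src_ip: str, dst_port: int) -> bool:
        """True if this rule applies to the given packet."""
        if self.protocol is not ANY and self.protocol != proto:
            return False
        if self.src is not ANY and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.dst_port is not ANY and self.dst_port != dst_port:
            return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self.

        A rule placed below a rule that covers it can never fire.
        """
        if self.protocol is not ANY and self.protocol != other.protocol:
            return False
        if self.src is not ANY:
            if other.src is ANY:
                return False
            if not ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src)):
                return False
        if self.dst_port is not ANY and self.dst_port != other.dst_port:
            return False
        return True


def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_port: int,
             default: str = "permit") -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_port):
            return rule.action, rule.name
    return default, "default"


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, later in enumerate(rules):
        if any(earlier.covers(later) for earlier in rules[:i]):
            shadowed.append(later.name)
    return shadowed


# The two rules from the text (names and field values are assumptions).
PERMIT_HOST = Rule("Permit HTTP from 10.10.10.1", "permit", "tcp", "10.10.10.1/32", 80)
BLOCK_ALL_HTTP = Rule("Block all HTTP", "block", "tcp", ANY, 80)

CORRECT_ORDER = [PERMIT_HOST, BLOCK_ALL_HTTP]  # specific rule first
WRONG_ORDER = [BLOCK_ALL_HTTP, PERMIT_HOST]    # general rule first: exception is shadowed

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(label, "10.10.10.1 ->", evaluate(rules, "tcp", "10.10.10.1", 80))
        print(label, "192.0.2.7  ->", evaluate(rules, "tcp", "192.0.2.7", 80))
        print(label, "shadowed:", shadowed_rules(rules))
```

Running the block prints the decision for the excepted host and for an arbitrary other host under each ordering, then the shadowed rules. The shadowing check is a useful review step before deploying a long rule list: any rule it reports is either redundant or, as here, an exception that was placed below the general rule it was meant to override.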

Copyright © 2006 McAfee, Inc. All Rights Reserved.