Poorly configured user-defined rules can cause significant security problems with firewalls, because most firewalls have order-dependent rulesets.

  • An incoming packet is compared against the first rule in the list before any other rule.
  • If it matches the first rule, the packet is let through and the remaining rules are never consulted.
  • If it does not match the first rule, it is compared against the second, then the third, and so on, until it is allowed through or fails altogether.

Understanding this first-match behaviour will make your firewall rules much more effective.
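The first-match evaluation described above, as an added example that is not part of the original page: a small evaluator over an ordered ruleset, plus a check that flags rules an earlier, broader rule has shadowed. The rule tuple format (action, source CIDR, destination port), the sample addresses and the default-deny fallback are constructed assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed example: a first-match evaluator for an ordered ruleset.
# A rule is (action, source CIDR, destination port or None for any port).
ALLOW, DENY = "allow", "deny"

def first_match(rules, src, dport, default=DENY):
    """Return the action of the first rule the packet matches.
    Rules are checked top to bottom; the first hit wins and the rest are
    never consulted. If nothing matches, the default (deny) applies."""
    addr = ip_address(src)
    for action, cidr, port in rules:
        if addr in ip_network(cidr) and port in (None, dport):
            return action
    return default

# Intended policy: block one host, let the rest of the LAN reach SSH.
GOOD_ORDER = [
    (DENY,  "10.0.0.5/32", 22),   # specific deny must come first
    (ALLOW, "10.0.0.0/24", 22),   # broad allow second
]
# The same two rules reversed: the broad allow now hides the deny.
BAD_ORDER = list(reversed(GOOD_ORDER))

def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule
    already matches a superset of their traffic (CIDR and port only)."""
    out = []
    for i, (_, cidr, port) in enumerate(rules):
        net = ip_network(cidr)
        for _, earlier_cidr, earlier_port in rules[:i]:
            if net.subnet_of(ip_network(earlier_cidr)) and earlier_port in (None, port):
                out.append(i)
                break
    return out

if __name__ == "__main__":
    print("good order, blocked host:", first_match(GOOD_ORDER, "10.0.0.5", 22))  # deny
    print("bad order, blocked host: ", first_match(BAD_ORDER, "10.0.0.5", 22))   # allow
    print("shadowed in bad order:   ", shadowed_rules(BAD_ORDER))                 # [1]
```

Running `shadowed_rules` over a ruleset before deploying it catches the reversed-order mistake without having to send test traffic.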