I'm trying to understand the precedence of firewall filters.
First, are the items within a term processed as AND or OR? So if I have a source-address and a destination-address both defined, do both have to be true for the THEN clause to be executed? If not, what is the logic to determine whether the term is true or false? Same question for ports.
Second: how does the above change when, instead of source-address/destination-address, you use prefix-list - NOT source-prefix-list or destination-prefix-list?
Last - for now, as I reserve the right to ask further questions: is there a way, other than inserting syslog or counts, to tell that a term was actually "hit" and acted upon?
I'll reserve the question of putting filter-lists on an interface until later unless that would be better explained here as well.
Thanks guys!!!!