Rule order

Rules are stored as an ordered list in a rule chain and are evaluated in the listed order.

A specific rule is not evaluated in the event any preceding rules (or rules in chains that may have been 'jumped to') matched and resulted in an action (e.g. REJECT, ACCEPT) that terminates the processing of the packet in the chain.

The position of a rule in a rule chain is not an attribute of the rule. In the REST API, the rule-creation method specifies an integer position for the new rule in the rule chain. But that position is only meaningful relative to the rules already existing in the chain and is only used to modify the current rule list.


Please read the section called “A packet’s flow within a rule chain” for an overview of rule-chain processing.

Questions? Discuss on Mailing Lists or Chat.
Found an error? Report a bug.

loading table of contents...