Cisco Cisco Firepower Management Center 4000

Protection

All standard text rules contain two logical sections: the rule header and the rule options. The rule header 
contains:

the rule's action or type

the protocol

the source and destination IP addresses and netmasks

direction indicators showing the flow of traffic from source to destination

the source and destination ports

The rule options section contains:

event messages

keywords and their parameters and arguments

patterns that a packet’s payload must match to trigger the rule

specifications of which parts of the packet the rules engine should inspect 

The following diagram illustrates the parts of a rule:

Note that the options section of a rule is the section enclosed in parentheses. The rule editor provides an 
easy-to-use interface to help you build standard text rules.

Protection

Every standard text rule and shared object rule has a rule header containing parameters and arguments. 
The following illustrates parts of a rule header: