Netopia 3346N-ENT User Guide

Security   10-21
Filter priority
Continuing the customs inspectors analogy, imagine the inspectors lined up to examine a package. If the package matches the first inspector’s criteria, the package is either rejected or passed on to its destination, depending on the first inspector’s particular orders. In this case, the package is never seen by the remaining inspectors.
If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important.
For example, let’s say the first inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France. If a package arrives from Rome, the first inspector sends it along without allowing the second inspector to see it. A package from Paris is ignored by the first inspector, rejected by the second inspector, and never seen by the others. A package from London is ignored by the first two inspectors, so it’s seen by the third inspector.
In the same way, filter sets apply their filters in a particular order. The first filter applied can forward or discard a packet before that packet ever reaches any of the other filters. If the first filter can neither forward nor discard the packet (because it cannot match any criteria), the second filter has a chance to forward or reject it, and so on. Because of this hierarchical structure, each filter is said to have a priority. The first filter has the highest priority, and the last filter has the lowest priority.
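The following added example (not taken from the Netopia guide, and not the router's configuration syntax) models first-match evaluation and goes one step beyond the analogy: it shows how a broad forward filter placed ahead of a narrower discard filter hides the discard filter entirely, and how to detect that. The `Filter` class, the function names and the sample addresses are assumptions made for illustration, and only source-address matching is modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Filter:
    source: str    # source network in CIDR notation (hypothetical field)
    forward: bool  # True = forward on match, False = discard on match


def evaluate(filter_set, src_ip):
    """Return (priority, action) for the first filter that matches, else None."""
    addr = ipaddress.ip_address(src_ip)
    for priority, flt in enumerate(filter_set, start=1):
        if addr in ipaddress.ip_network(flt.source):
            # First match decides; lower-priority filters never see the packet.
            return priority, "forward" if flt.forward else "discard"
    return None  # no filter matched; what happens next is not modelled here


def shadowed(filter_set):
    """Return (later, earlier) priority pairs where the later filter can never
    match because an earlier filter already covers its whole source range."""
    nets = [ipaddress.ip_network(f.source) for f in filter_set]
    pairs = []
    for j, later in enumerate(nets):
        for i, earlier in enumerate(nets[:j]):
            if later.subnet_of(earlier):
                pairs.append((j + 1, i + 1))
                break
    return pairs


# Constructed sample data (RFC 5737 documentation addresses).
BROAD_FIRST = [Filter("192.0.2.0/24", True), Filter("192.0.2.64/26", False)]
NARROW_FIRST = [Filter("192.0.2.64/26", False), Filter("192.0.2.0/24", True)]

if __name__ == "__main__":
    for name, fs in (("broad first", BROAD_FIRST), ("narrow first", NARROW_FIRST)):
        print(name, evaluate(fs, "192.0.2.70"), "shadowed:", shadowed(fs))
```

With the broad filter first, a packet from 192.0.2.70 is forwarded and the discard filter is reported as unreachable; with the narrow filter first, the same packet is discarded.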
How individual filters work
As described above, a filter applies criteria to an IP packet and then takes one of three actions:
Forwards the packet to the local or remote network
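[Figure: flowchart of a single filter. A packet reaches the first filter. If it matches, the filter either forwards it to the network or discards (deletes) it. If it does not match, the packet is sent to the next filter.]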