Four sample filter rules are shown here. Each of them is explained in detail
below.
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80 non-secure local both l=no f=no
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80 secure local both l=yes f=no
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 161 both both both l=yes
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both
Rule 1: This rule blocks all TCP packets coming in or going out on any non-secure interface, destined for port 80, with an endpoint on the local system.
Port 80 is the standard HTTPD port, so this rule was most likely intended to stop a web server from either receiving or sending data on a non-secure interface.
Rule 2: This rule is identical to Rule 1, with three exceptions: it permits traffic instead of denying it; it applies to secure interfaces rather than non-secure interfaces; and it logs all traffic that it matches.
Without that last difference (the l=yes parameter), this rule would be unnecessary, because Rule 4 already permits any traffic that matches no other rule.
So the only real purpose of this rule is to log web traffic to and from the secure network.
Rule 3: This rule blocks all UDP packets, on any interface, whose endpoint is either the local system or any other system for which this host routes traffic, and whose destination port is 161. It also generates a log entry for any such attempt.
If this system is the gateway for a secure network, such traffic is prevented from either entering or leaving that network.
Port 161 is used by the SNMP Trap-PDU message type, which utilizes UDP, so this rule is presumably intended to block SNMP traps.
Rule 4: This rule creates a policy of 'permit by default'; leaving it out would cause the firewall to fall back to the standard 'deny by default' policy, since any packet that matches none of the preceding rules is then dropped.
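To make the first-match behaviour behind these four explanations concrete, here is an added evaluator (example code written for this page, not from the original text or from any firewall product) that parses the four rules in the format shown above and reports which rule a packet hits, its action, and whether it is logged. The positional field order, the l=/f= flags defaulting to 'no', and the port operators other than 'any' and 'eq' are assumptions.

```python
import ipaddress

# Constructed copy of the four rules from the text (one rule per line).
RULES_TEXT = """\
deny   0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80  non-secure local both l=no  f=no
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 tcp any 0 eq 80  secure     local both l=yes f=no
deny   0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 eq 161 both       both  both l=yes
permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0  both       both  both
"""
# Assumed positional field order (see lead-in).
FIELDS = ("action", "src", "smask", "dst", "dmask", "proto",
          "sop", "sport", "dop", "dport", "iface", "scope", "direction")

def parse_rules(text):
    """Split each rule into its 13 positional fields; trailing l=/f= flags default to 'no'."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        r = dict(zip(FIELDS, f[:13]))
        r["sport"], r["dport"] = int(r["sport"]), int(r["dport"])
        flags = dict(x.split("=", 1) for x in f[13:])
        r["log"] = flags.get("l", "no") == "yes"
        rules.append(r)
    return rules

def _addr_match(addr, rule_addr, mask):
    # A 0.0.0.0 mask matches every address, as in all four sample rules.
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(addr)) & m == int(ipaddress.IPv4Address(rule_addr)) & m

def _port_match(op, rule_port, port):
    return {"any": True, "eq": port == rule_port, "neq": port != rule_port,
            "lt": port < rule_port, "gt": port > rule_port,
            "le": port <= rule_port, "ge": port >= rule_port}[op]

def evaluate(rules, pkt):
    """First match wins: returns (rule_number, action, logged); no match falls back to deny."""
    for n, r in enumerate(rules, 1):
        if (r["proto"] in ("all", pkt["proto"])
                and _addr_match(pkt["src"], r["src"], r["smask"])
                and _addr_match(pkt["dst"], r["dst"], r["dmask"])
                and _port_match(r["sop"], r["sport"], pkt["sport"])
                and _port_match(r["dop"], r["dport"], pkt["dport"])
                and r["iface"] in ("both", pkt["iface"])
                and r["scope"] in ("both", pkt["scope"])
                and r["direction"] in ("both", pkt["direction"])):
            return n, r["action"], r["log"]
    return None, "deny", False
```

Evaluating the same web packet with iface set to 'non-secure' and then 'secure' shows why Rule 2 exists only for its log entry, and dropping Rule 4 from the list shows the fallback to 'deny by default'.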