Filters in brief


1. A filter must always contain the main table, which is the starting point of the filter.

2. A table may not be empty. Each table must end with a rule that is true for every message and has one of the following actions: ACCEPT, DROP or RETURN. This rule must be enabled.

For example:

<rule name="end" enabled="1">
 <match>
   <c name="all"/>
 </match>
 <action name="drop" />
</rule>

or

<rule enabled="1">
 <action name="accept" />
</rule>

3. RETURN can be used in any table except main.

4. Jumps (JUMP) to the main table are not allowed (to avoid circular loops).

5. JUMP actions forming circular loops (either explicit or implicit) are not allowed.
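
The five rules above can be checked mechanically before a filter is loaded. The following is an added example, not code from the product: it models a filter as a Python dict (table name mapped to a list of rule dicts), which is an assumption of this sketch and not the product's XML schema, and the keys match_all and target are hypothetical names.

```python
# Added example; the dict model below is an assumption, not the product's XML schema.
TERMINAL = {"accept", "drop", "return"}

def validate(tables):
    """Return a list of violations of rules 1-5 (empty list means valid)."""
    errors, edges, state = [], {}, {}
    if "main" not in tables:                                  # rule 1
        errors.append("no main table")
    for name, rules in tables.items():
        edges[name] = set()
        if not rules:                                         # rule 2
            errors.append(f"{name}: table is empty")
            continue
        last = rules[-1]
        if not (last["enabled"] and last["match_all"] and last["action"] in TERMINAL):
            errors.append(f"{name}: must end with an enabled catch-all rule")
        for r in rules:
            if r["action"] == "return" and name == "main":    # rule 3
                errors.append("main: RETURN is not allowed")
            if r["action"] == "jump":
                if r["target"] == "main":                     # rule 4
                    errors.append(f"{name}: JUMP to main is not allowed")
                edges[name].add(r["target"])

    def visit(table, path):                                   # rule 5: DFS over JUMPs
        if state.get(table) == "open":                        # back edge: a loop
            loop = path[path.index(table):] + [table]
            errors.append("JUMP loop: " + " -> ".join(loop))
        elif table not in state:
            state[table] = "open"
            for target in sorted(edges.get(table, ())):
                visit(target, path + [table])
            state[table] = "done"

    for name in sorted(edges):
        visit(name, [])
    return errors

# Constructed sample filters (not taken from the product documentation)
END_DROP = {"enabled": True, "match_all": True, "action": "drop"}
END_RETURN = {"enabled": True, "match_all": True, "action": "return"}
def jump(target):
    return {"enabled": True, "match_all": False, "action": "jump", "target": target}
GOOD = {"main": [jump("mail"), END_DROP], "mail": [END_RETURN]}
LOOP = {"main": [jump("a"), END_DROP], "a": [jump("b"), END_DROP], "b": [jump("a"), END_RETURN]}

if __name__ == "__main__":
    for label, f in (("GOOD", GOOD), ("LOOP", LOOP)):
        print(label, validate(f) or "valid")
```

The loop check covers both a table jumping to itself and loops that pass through several tables, because it follows every JUMP edge rather than comparing only a rule's own table with its target.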