The packet is checked for characteristics defined in the rule. For example, a specific IP header, input and output interfaces, TCP flags and protocol.The packet can be handled according to a specified target policy such as accepted, dropped, returned, logged, or rejected.When a packet is filtered, its characteristics are compared against the rules one-by-one. All defined characteristics must match. If no rules are found then the default action for that chain is applied.