The packet is checked for characteristics defined in the rule, for example, a specific IP header, input and output interfaces, and protocol.The packet is handled according to the specified action (called a “Rule Target,” “Target Action” or “Policy”).When a packet is filtered, its characteristics are compared against the rules one-by-one. All characteristics must match.