An IP packet filter inspects network datagrams (IP packets) and decides
whether each packet
is allowed to pass the filter or not.
The decision to restrict or pass a given packet is based on a set
of rules generated by DNi.
The order of the filter rules is important: only the first matching
rule is taken into account.
step 1. Flush all filter rules previously set by DNi.
Next, DNi sets up the new set of filter rules.
step 2. Set up a default policy that applies if a packet does not match any of the following rules.
step 3. Restrict the traffic through the system
by allowing or denying only packets
coming from a set of well-known hosts or networks.
step 4. Allow any traffic coming from the
local host itself.
In other words, a local user can initiate a session to any
local service.
step 5. Accept return TCP/UDP traffic from
remote hosts.
In other words, a local user can initiate a session to any
service on a remote host.
step 6. Define the local services that accept or deny connections
from remote hosts.
Here DNi combines rules (by specifying multiple port numbers or service
names in a single rule) as much as
possible, because every filter rule is checked against every IP packet and
therefore costs some CPU time.
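The six-step rule order above, as an added example that is not DNi's own code: a small first-match filter in Python where each step becomes one ordered rule, the default policy is applied only when nothing matches, and the service ports of step 6 are combined into a single rule. The networks, ports and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str                    # source IP address
    proto: str                  # "tcp" or "udp"
    dport: int                  # destination port
    established: bool = False   # return traffic of a session the local user opened


def build_rules(known_networks, local_services, local_host="127.0.0.1"):
    """Ordered rule list; each entry is (name, predicate, action)."""
    rules = []
    # step 3: well-known hosts/networks, each with its own verdict
    for net, action in known_networks:
        network = ipaddress.ip_network(net)
        rules.append((f"{action} from {net}",
                      lambda p, n=network: ipaddress.ip_address(p.src) in n, action))
    # step 4: the local host may reach any local service
    rules.append(("local host", lambda p: p.src == local_host, "ACCEPT"))
    # step 5: return tcp/udp traffic of sessions initiated locally
    rules.append(("return traffic",
                  lambda p: p.proto in ("tcp", "udp") and p.established, "ACCEPT"))
    # step 6: several service ports combined into one rule to save per-packet checks
    ports = frozenset(local_services)
    rules.append(("local services",
                  lambda p: p.proto == "tcp" and p.dport in ports, "ACCEPT"))
    return rules


def filter_packet(rules, packet, default_policy="DENY"):
    """Only the first matching rule counts; the default policy (step 2) applies otherwise."""
    for name, matches, action in rules:
        if matches(packet):
            return action, name
    return default_policy, "default policy"


# Constructed sample: one trusted LAN accepted, one known host denied,
# ssh and http offered to everyone that was not denied earlier.
RULES = build_rules([("192.0.2.0/24", "ACCEPT"), ("203.0.113.7/32", "DENY")],
                    local_services=[22, 80])

if __name__ == "__main__":
    for pkt in (Packet("203.0.113.7", "tcp", 80), Packet("198.51.100.5", "tcp", 23)):
        print(pkt, "->", filter_packet(RULES, pkt))
```

Because the denied host's rule comes first, its packet to port 80 is dropped even though port 80 is an offered service; swapping the two rules would change the verdict.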