[j-nsp] Meaning of "except" in firewall filters

[Paul Goyette]

Actually, I sort of take exception to Guy's explanation!

"accept" is an action that will be taken on packets that match
ALL of the criteria listed in the "from" (and "to") clauses.

"except" is the exclusion of a subset of a match criteria.


Guy said:
> except will deny the traffic associated with the named prefix list but
> permit all others.

"except" does not imply any particular action; it only controls
the selection of packets to which the action(s) in the "then"
clause applies.