Routers are used to direct data among and between subnetworks or devices of a network. Because a network can include tens of thousands of individually addressable devices, the operation of a router can be quite complex.
In order to perform their complex operations, routers may be provided with filters, which are sets of rules that determine how the routers transmit data. For instance, when a router receives data, a filter may be used to determine the type or class of the data, and based on the type or class of data, the router may forward the packet of data to a queue, permit or prevent the data packet from passing through a firewall, prioritize the data, or perform other functions relating to handling and/or transmission of the data. For example, a filter may be employed to determine when, where and how to send the data. A filter may also be used to specify valid combinations of source and destination IP addresses, source and destination ports and protocol for messages allowed to pass through a firewall.
Occasionally, after a network has been designed and implemented and is in use, a filter may be written specifically for the network in order to address circumstances or situations specific to that network. Although the people writing such specific filters may be very knowledgeable about certain aspects of the operation and needs of the network, these people often have very limited expertise or experience in writing filters. Because of this, these specifically written filters may not be very effective, or may actually have adverse unintended consequences.
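The following is an added example, not part of the original text, showing how a filter of the kind described above (rules over source and destination addresses, protocol and port) can have an unintended consequence when a site-specific rule is written too broadly, and how such a rule conflict can be detected before deployment. The `Rule` class, the first-match-wins evaluation order, the default-deny fallback, the omission of source ports and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # source prefix (CIDR)
    dst: str                      # destination prefix (CIDR)
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

    def covers(self, other):
        # True when every packet that matches `other` also matches this rule.
        net = ipaddress.ip_network
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))

def evaluate(rules, src, dst, proto, dport, default="deny"):
    # Assumed semantics: first matching rule decides; unmatched traffic is denied.
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return default

def shadowed(rules):
    # (earlier, later) index pairs where an earlier rule with the opposite
    # action covers the later rule, so the later rule can never take effect.
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if earlier.action != later.action and earlier.covers(later):
                pairs.append((i, j))
                break
    return pairs

# Constructed sample filter (documentation address ranges, not from the page).
FILTER = [
    Rule("permit", "10.0.0.0/8", "192.0.2.0/24", "tcp"),         # broad site rule
    Rule("deny", "10.1.0.0/16", "192.0.2.10/32", "tcp", 22),     # intended block
    Rule("permit", "0.0.0.0/0", "192.0.2.80/32", "tcp", 443),
]
```

Running `shadowed(FILTER)` reports that the deny rule is hidden behind the broad permit rule placed ahead of it, so the traffic it was meant to block is forwarded.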