A firewall is a network security system that monitors and controls incoming and outgoing network traffic. The firewall may be implemented as a packet filter that operates based on rules indicating properties of packets that are to be allowed and/or denied. A packet may be forwarded or dropped based on the rules. For example, in a “whitelist” embodiment, a packet that satisfies at least one of the rules may be forwarded, whereas a packet that does not satisfy any of the rules may be dropped. Alternatively, in a “blacklist” embodiment, a packet that satisfies at least one of the rules may be dropped, whereas a packet that does not satisfy any of the rules may be forwarded. The filtering rules may be specified by a person (e.g., a network administrator). However, manually determining filtering rules that cover all packets that may potentially be generated in a network may be impractical, time-consuming, or both. Moreover, having a large number of filtering rules may increase delay in packet routing (e.g., because, in some examples, each of the filtering rules may be applied to a packet before a forward/drop decision can be made regarding the packet).