This invention relates generally to the fields of network switch policy management, network security, and network anomaly detection and mitigation, and, more specifically, to distributed, on-switch methods of enforcing network switch policies, promoting network security, or detecting and mitigating network anomalies, which methods may be embodied as one or more rules stored locally at the network switches.