Rules, which are the main part of NPF configuration, describe the criteria used to inspect and make decisions about packets. Currently, NPF supports filtering on the following criteria: interface, traffic direction, protocol, IPv4 address or network, and TCP/UDP port or range. Supported actions are blocking or passing the packet.
Each rule has a priority, which is set according to its order in the ruleset. Rules defined first are accordingly inspected first. All rules in the group are inspected sequentially, and the last matching rule dictates the action to be taken. Rules, however, may be explicitly marked as final (that is, "quick"). In such cases, processing stops at the first matching rule that is marked as final. If there is no matching rule in the custom group, then rules in the default group will be inspected.
Definitions (prefixed with "$") and tables (specified by an ID within "<>" marks) can be used in the filter options of rules.
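The evaluation order described above is easy to misread when auditing a ruleset, so the following added example (a toy model written for this page, not NPF code) shows how a later broad "pass" overrides an earlier "block" unless the block is marked final. The Rule fields, packet keys, the interface name wm0 and all addresses are constructed assumptions.

```python
# Added illustration: a toy model of NPF's documented rule evaluation order.
# Rule fields and packet keys are hypothetical, not NPF's internal structures.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    direction: str = "any"           # "in", "out" or "any"
    proto: str = "any"               # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"           # IPv4 address or network
    ports: range = range(0, 65536)   # destination port range
    final: bool = False              # the final ("quick") marker

    def matches(self, pkt):
        return (self.direction in ("any", pkt["dir"])
                and self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and pkt["dport"] in self.ports)

def evaluate(rules, pkt):
    """Last matching rule wins; a matching final rule stops inspection."""
    verdict = None
    for rule in rules:               # priority is the order of definition
        if rule.matches(pkt):
            verdict = rule.action
            if rule.final:
                break
    return verdict

def decide(groups, default, pkt):
    """Inspect the custom group for the packet's interface, then the default group."""
    verdict = evaluate(groups.get(pkt["iface"], []), pkt)
    if verdict is None:
        verdict = evaluate(default, pkt)
    return verdict                   # None: nothing matched (outcome not stated here)

BAD_NET = "203.0.113.0/24"           # constructed sample network

def sample(final):
    """Constructed ruleset: block BAD_NET inbound, then pass inbound SSH."""
    groups = {"wm0": [Rule("block", "in", src=BAD_NET, final=final),
                      Rule("pass", "in", "tcp", ports=range(22, 23))]}
    return groups, [Rule("block")]   # default group blocks everything

SSH_FROM_BAD = {"iface": "wm0", "dir": "in", "proto": "tcp",
                "src": "203.0.113.9", "dport": 22}
```

With `sample(False)` the SSH packet from the blocked network is passed, because the later pass rule is the last match; with `sample(True)` the final block rule ends inspection and the packet is blocked.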