| (dst IP,dst port,src IP,src port) | (r,b) | priority |
| (*, 80, *, *) | (300,5) | 3 |
| (*, 80, 10.1.1.1, *) | (100,5) | 2 |
| (12.1.1.1, 80, *, *) | (10,1) | * |
A filter rule specifies the network-level and/or application-level attributes that define an aggregate and the parameters for the control mechanism that is associated with it. A network-level filter is a four-tuple consisting of local IP address, local port, remote IP address, and remote port; application-level filters were shown in Table 1. Table 2 lists some network-level filter examples. The first rule applies to the web server process listening at local port 80 on all network interfaces; it specifies that all connections to the server are rate-controlled at a rate of 300 conns/sec, a burst of 5, and a priority of 3 (the default lowest priority). The filter rules can contain range of IP addresses, wildcards, etc.
2:
Example Network-level Policies