When you create a filter rule, it refers to a one-rule statement. A group of filter rules is called a set. The filters within a set are processed top to bottom, in physical order. Multiple sets are processed in physical order within a FILTER_INTERFACE statement.
The following example shows where one set contains three filter statements. Whenever you refer to this set, all three rules will be included. It is typically easiest to include all of your filter rules in one set.
FILTER SET all ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR % = * PROTOCOL = TCP/STARTING DSTPORT = * SRCPORT = * FRAGMENTS % = HEADERS JRN = FULL FILTER SET all ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR % = * PROTOCOL = TCP DSTPORT = * SRCPORT = * FRAGMENTS = NONE % JRN = OFF FILTER SET all ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR % = * PROTOCOL = ICMP TYPE = * CODE = * FRAGMENTS = NONE JRN % = OFF FILTER_INTERFACE LINE = ETHLINE SET = all ###Ethernet line ETHLINE