Self Conflict

This operation looks for conflicts between rules within the same rule table. For most families of security devices, the configuration of features is controlled by ordered rule lists, often called access control lists (ACLs). If a packet matches a rule, the device applies that rule's action, even if a later rule also matches and is the one the system administrator intended.

Almost all configurations will have conflicts within their tables, and most of those conflicts will be innocuous. However, unintended conflicts are a major source of configuration errors, and conflicts should be carefully examined and understood when reviewing a network security device configuration.
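
The following sketch is an added example, not the tool's own implementation. It shows one way to find such conflicts in a first-match table. The `Rule` fields, the working definition of a conflict (an earlier rule with a different action that matches some of the same packets) and the `shadowed`/`partial` labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source CIDR
    dst: str             # destination CIDR
    ports: tuple = (0, 65535)   # inclusive destination port range

def _net_overlap(a, b):
    return ip_network(a).overlaps(ip_network(b))

def _net_covers(a, b):   # every address in b is also in a
    return ip_network(b).subnet_of(ip_network(a))

def overlaps(r1, r2):
    """True when at least one packet matches both rules."""
    return ((r1.proto == r2.proto or "any" in (r1.proto, r2.proto))
            and _net_overlap(r1.src, r2.src) and _net_overlap(r1.dst, r2.dst)
            and r1.ports[0] <= r2.ports[1] and r2.ports[0] <= r1.ports[1])

def covers(r1, r2):
    """True when every packet matching r2 also matches r1."""
    return (r1.proto in ("any", r2.proto)
            and _net_covers(r1.src, r2.src) and _net_covers(r1.dst, r2.dst)
            and r1.ports[0] <= r2.ports[0] and r2.ports[1] <= r1.ports[1])

def self_conflicts(table):
    """Return (earlier_idx, later_idx, kind) for rule pairs with differing actions."""
    found = []
    for j, later in enumerate(table):
        for i, earlier in enumerate(table[:j]):
            if earlier.action != later.action and overlaps(earlier, later):
                kind = "shadowed" if covers(earlier, later) else "partial"
                found.append((i, j, kind))
    return found

# Constructed sample table, evaluated top-down (first match wins).
ACL = [
    Rule("permit", "tcp", "10.0.0.0/8", "192.0.2.0/24", (443, 443)),
    Rule("deny", "any", "10.1.0.0/16", "0.0.0.0/0"),
    Rule("permit", "tcp", "10.1.2.0/24", "192.0.2.10/32", (22, 22)),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0"),
]
if __name__ == "__main__":
    for i, j, kind in self_conflicts(ACL):
        print(f"rule {j} conflicts with earlier rule {i}: {kind}")
```

In the sample table, rule 2 is reported as `shadowed` by rule 1: the SSH permit can never match because the broader deny above it always wins, which is the kind of unintended conflict a reviewer needs to find. The `partial` conflicts with the final deny-all are the innocuous kind.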