Dynamic Firewall Filters Overview
Firewall filters provide rules that define whether to accept or reject packets that are transiting an interface on a router. The subscriber management feature supports four categories of firewall filters: classic filters, parameterized filters, Ascend-Data-Filters, and fast update filters.
- Classic filters are compiled at commit time and then, when a service is activated, an interface-specific clone of the filter is created and attached to a logical interface. Classic filters are static filters; they cannot contain subscriber-specific terms (also called rules). Classic filters can be applied to interfaces dynamically. This dynamic application is performed by associating input or output filters with a dynamic profile. When triggered, a dynamic profile can apply a named filter or a filter specified in RADIUS to an interface.
- Parameterized filters add the ability to configure firewall filters under a dynamic profile. The filter definitions use dynamic-profile variables, which allow you to customize your configuration at session creation time. You can configure a general filter under a dynamic profile and then provide policing rates, destination addresses, ports, and so forth when a dynamic session is activated.
- Ascend-Data-Filters create policies for subscriber traffic. The filter is configured on the RADIUS server and contains rules that specifically match conditions for traffic and define an action for the router to perform.
- Fast update filters are similar to classic filters in many ways. However, fast update filters support subscriber-specific, rather than interface-specific, filter values. Fast update filters also allow individual filter terms to be incrementally added to or removed from a filter without requiring that the entire filter be recompiled for each modification. Fast update filters are essential for networking environments in which multiple subscribers might share the same logical interface.
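The following dynamic profile is an added illustration, not configuration from the original page: it shows the first two categories side by side, a classic filter attached by name from RADIUS on output and a parameterized filter on input whose policing rate is filled in per session. The profile name svc-basic, the filter and policer names, and the user-defined variables bw-limit and burst-limit are assumed; the $junos-* names are Junos predefined dynamic-profile variables.

```junos
dynamic-profiles {
    svc-basic {                                   # assumed profile name
        variables {
            bw-limit { default-value 2m; }        # assumed; RADIUS normally overrides the default
            burst-limit { default-value 50k; }    # assumed
        }
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-interface-unit" {
                    family inet {
                        filter {
                            input param-in;                 # parameterized filter defined below
                            output "$junos-output-filter";  # classic filter named by RADIUS
                        }
                    }
                }
            }
        }
        firewall {
            family inet {
                filter param-in {
                    interface-specific;           # one clone per subscriber interface
                    term police-subscriber {
                        then {
                            policer sub-policer;
                            accept;
                        }
                    }
                }
            }
            policer sub-policer {
                if-exceeding {
                    bandwidth-limit "$bw-limit";      # value resolved at session activation
                    burst-size-limit "$burst-limit";
                }
                then discard;
            }
        }
    }
}
```

Because the policer rate and the output filter name are resolved from RADIUS at activation, the RADIUS server is the authority for per-subscriber policy; the default-value entries only apply when RADIUS sends no value.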
You configure firewall filters to determine whether to accept or reject traffic before it enters or exits an interface to which the firewall filter is applied. An input (or ingress) firewall filter is applied to packets that are entering a network. An output (or egress) firewall filter is applied to packets that are exiting a network. You can configure firewall filters to subject packets to filtering or class-of-service (CoS) marking (grouping similar types of traffic together and treating each type of traffic as a class with its own level of service priority).
Published: 2013-02-11