Status: IN
Firewall rule configuration has protocol-asymmetric requirements — port specification is valid only for TCP/UDP (not ICMP/ESP/GRE), direction determines which IP flag is required (source for inbound, destination for outbound), and CIDR notation is mandatory for all IP specifications.