There is also a section on the firewall edit page called Advanced Options. These options only appear if you click on the Display Advanced button. In this section, you will find a series of less commonly used matching criteria. As with the other criteria, the rule will apply if the packets match the criteria. Here are some of the more useful options:

• Source OS: This will attempt to match the operating system of the source traffic.
• Diffserv Code Point: A mechanism for providing Quality of Service (QoS) of network traffic. Systems can prioritize traffic based on their code point values.
• TCP Flags: Matches traffic based on whether certain TCP flags are set.
• State Type: Specifies a particular state tracking mechanism.

• No XMLRPC Sync: This prevents a rule from being synced on other CARP members.
• Schedule: Allows you to specify the time when this rule is valid. You must define a schedule entry to use this option; once you do, the schedules defined will appear here.
• Gateway: Gateways other than the default one may be specified here.
• In/Out: Allows you to specify alternative queues and virtual interfaces. This option is useful if you want to redirect matched traffic into a traffic shaping queue.
• Ackqueue/Queue: Specifies alternative acknowledge queues.