The source port

When creating a firewall rule, remember that the source port is usually chosen by the operating system's network stack from a range of ports, not by the user or the application. Since we rarely know this port in advance, it is usually correct to leave the source set to any. To understand why, consider a user requesting a simple web page. Port 80 is the default port for HTTP traffic, but this is the port requested on the remote server. The port used on the client is chosen from a range of ports (typically from 1024 to 65535), and from the rule-writer's point of view the choice is effectively arbitrary. If the router uses NAT, this internal port is translated to a different (external) port number before the request is sent. The return traffic flows the opposite way, first to the external port number on the router, then to the client's internal port number. Thus, while we know the port to which traffic will be directed on the destination server, it is almost certain that we do not know the source port. Therefore, we should avoid the mistake of specifying the source port, except in the rare cases in which we know the source of the traffic in advance.
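The following is an added example, not part of the original text, that models the point above in code: a first-match rule set is evaluated against outbound HTTP requests whose source port is drawn from the ephemeral range the text cites (1024 to 65535). The client and server addresses, the rule and packet structures, and the simple NAT port rewrite are all constructed for this illustration and do not correspond to any particular firewall product's rule syntax.

```python
import random
from dataclasses import dataclass
from typing import Optional, Sequence

# Ephemeral source-port range quoted in the text (assumed for this model).
EPHEMERAL_RANGE = (1024, 65535)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """A match field set to None means 'any' (the firewall's default)."""
    action: str                      # "pass" or "block"
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    # Every specified field must equal the packet's field; 'any' always matches.
    checks = (
        (rule.proto, pkt.proto),
        (rule.src_ip, pkt.src_ip),
        (rule.src_port, pkt.src_port),
        (rule.dst_ip, pkt.dst_ip),
        (rule.dst_port, pkt.dst_port),
    )
    return all(want is None or want == have for want, have in checks)


def first_match(rules: Sequence[Rule], pkt: Packet, default: str = "block") -> str:
    # First-match evaluation with an implicit default-deny at the end.
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


def client_request(client_ip: str, server_ip: str, rng: random.Random) -> Packet:
    # The stack picks the source port; the application only chose dst_port 80.
    return Packet(client_ip, rng.randint(*EPHEMERAL_RANGE), server_ip, 80)


def nat_outbound(pkt: Packet, external_ip: str, rng: random.Random) -> Packet:
    # Source NAT: rewrite the source address and pick yet another source port,
    # so even the pre-NAT ephemeral port is not what the remote side sees.
    return Packet(external_ip, rng.randint(*EPHEMERAL_RANGE), pkt.dst_ip, pkt.dst_port)


def count_passed(rules: Sequence[Rule], n: int = 1000, seed: int = 1) -> int:
    """Number of outbound HTTP requests (constructed hosts) passed by the rule set."""
    rng = random.Random(seed)
    passed = 0
    for _ in range(n):
        pkt = client_request("192.168.1.10", "203.0.113.5", rng)   # constructed hosts
        if first_match(rules, pkt) == "pass":
            passed += 1
    return passed


# The mistaken rule pins the source port to 80; the correct one leaves it 'any'.
MISTAKEN_RULE = Rule("pass", proto="tcp", src_port=80, dst_port=80)
CORRECT_RULE = Rule("pass", proto="tcp", dst_port=80)


if __name__ == "__main__":
    print("source port 80 pinned:", count_passed([MISTAKEN_RULE]), "of 1000 passed")
    print("source port any:      ", count_passed([CORRECT_RULE]), "of 1000 passed")
    rng = random.Random(7)
    inner = client_request("192.168.1.10", "203.0.113.5", rng)
    outer = nat_outbound(inner, "198.51.100.2", rng)            # constructed external IP
    print("pre-NAT source port:", inner.src_port, "post-NAT source port:", outer.src_port)
```

Because the ephemeral range never includes port 80, the pinned rule passes nothing and every request falls through to the default block; the rule with the source left as any passes them all. The NAT helper shows why even a rule written on the far side of the router cannot rely on the client's original source port.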
