Just about anything in the packet header may be used.

• Direction - In, Out, or Both
• Layer 7 protocol and pseudo protocol filters for TCP/IP, ICMP, UDP, all FTP, HTTP and HTTPs, all P2P, IM, SMTP, SIP and VOIP.
• Protocol - any registered protocol
• TOS Hex (Type of service flag)
• Port or Port Range
• Port direction (Source, Destination, or Both)
• IP Address or Subnet and mask (Source, Destination, or Both)
• MAC protocol
• VLAN ID
• MAC Address (Source and/or Destination, or Both)
• Host Address (Virtual or direct)
• URL or any part thereof (both HTTP and FTP)