Skip steps

transparent optimization of rule set evaluation, improves performance without affecting semantics, example:
ten consecutive rules apply only to packets from source address X
packet has source address Y
first rule evaluated, its source address parameter doesn't match
next nine rules skipped
skipping is done on most parameters, in pre-defined order
parameters like direction (in, out), interface or address family (IPv4/v6) partition the ruleset a lot, performance increase is significant
worst case: consecutive rules have no equal parameters, every rule must be evaluated, but at no additional cost (it is the same linked list traversal)
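
Added example (not from the original notes, and not any packet filter's own code): a simplified C model of skip steps. It assumes three parameters checked in the order direction, address family, source address, and last-match evaluation; all names are hypothetical. It runs the ten-rule case above and counts the rules inspected with and without skipping.

```c
#include <stdio.h>

/* Simplified model: three parameters, always checked in this fixed order. */
enum { P_DIR, P_AF, P_SRC, P_COUNT };

/* param[p]: value the rule requires; skip[p]: next rule with a different value. */
struct rule { int param[P_COUNT], skip[P_COUNT]; };

/* Per parameter, record where each run of equal values ends. */
void calc_skip_steps(struct rule *r, int n) {
    for (int p = 0; p < P_COUNT; p++)
        for (int i = n - 1; i >= 0; i--)
            r[i].skip[p] = (i + 1 < n && r[i + 1].param[p] == r[i].param[p])
                               ? r[i + 1].skip[p] : i + 1;
}

/* Last match wins; returns its index or -1; *evaluated counts rules inspected. */
int evaluate(const struct rule *r, int n, const int *pkt, int use_skip, int *evaluated) {
    int match = -1, i = 0, p;
    for (*evaluated = 0; i < n; (*evaluated)++) {
        for (p = 0; p < P_COUNT && r[i].param[p] == pkt[p]; p++)
            ;
        if (p == P_COUNT) match = i++;            /* matched: remember, go on */
        else i = use_skip ? r[i].skip[p] : i + 1; /* failed on p: skip the run */
    }
    return match;
}

/* Constructed ruleset: ten rules for source X (10), two for source Y (20);
 * the packet comes from Y. Returns the number of rules inspected. */
int demo(int use_skip, int *match) {
    struct rule r[12];
    const int pkt[P_COUNT] = { 0 /* in */, 4 /* IPv4 */, 20 /* Y */ };
    int evaluated;
    for (int i = 0; i < 12; i++) {
        r[i].param[P_DIR] = (i == 11); /* only the last rule is "out" */
        r[i].param[P_AF] = 4;
        r[i].param[P_SRC] = i < 10 ? 10 : 20;
    }
    calc_skip_steps(r, 12);
    *match = evaluate(r, 12, pkt, use_skip, &evaluated);
    return evaluated;
}

int main(void) {
    int m, with = demo(1, &m), without = demo(0, &m);
    printf("rule %d matched; inspected %d with skip steps, %d without\n", m, with, without);
    return 0;
}
```

The same rule matches either way; only the number of rules inspected changes (3 instead of 12 in this constructed ruleset).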