Which of the following fields is NOT included in firewall rules?

In the context of firewall rules, the field that is not typically included is the action. Firewall rules generally consist of a policy, which defines the criteria for traffic handling, a source IP to specify the origin of the traffic, a destination port to identify where the traffic is directed, and potentially other fields that help in further delineating the traffic.

While actions such as allow or deny are crucial for the operational functioning of a firewall, they are not categorized as a separate field within the rule structure themselves. Instead, the action is derived from how the firewall interprets the rule's conditions when a connection attempt is made. The action is a consequence of evaluating the defined fields rather than a field embedded within the rule. This distinction is key to understanding how firewall configurations are logically structured, as it emphasizes the criteria aimed at categorizing and filtering traffic over the responses that are enacted based on those criteria.