Each rule must have either the allow or deny field. If the source or destination field is blank, then that field matches all machines. Otherwise, the source and destination fields specify which machines and networks the Eagle allows access to and from.