A classifier can also be used to drop packets, just like a firewall does. Using if (see below), this could be implemented as follows:
egress {
class (<$whatever>))
if ip_src:8 == 10.0.0.0 && drop;
...
}
This is not very intuitive, and unnecessarily requires the presence (or even creation) of a class. The drop construct allows this to be expressed as:
egress {
drop if ip_src:8 == 10.0.0.0;
...
}