In some cases, it may be desirable to have more control over how preconditions are used. For example, in a firewall, one may wish to ignore expressions entirely if they access any unavailable fields, independent of how these fields are used in the expression.
The precond function allows to do this: it returns the combined preconditions of all accesses of its argument. Note that preconditions encountered in preconditions are evaluated in the normal way.
drop if !precond(ip_src != 22.214.171.124 || tcp_sport != 80); drop if ip_src != 126.96.36.199 || tcp_sport != 80;
The first rule drops non-TCP packets even if their source IP address is 188.8.131.52.