A network device includes at least one network port, a masks table, a rules table, a pointers table, and a fast filter processor. The masks table contains filter information and a mask key. The rules table contains corresponding rules to the filter information and is related to the mask table by the mask key. The pointers table contains boundary data related to the rules for corresponding filter information. The fast filter processor is coupled to the mask table, the rules table and the pointers table, and configured to perform at least one binary search for at least one rule related to a data packet received by the network device at the at least one network port, the binary search being limited based on the boundary data in the pointers table.