Filter Configuration
Table 13-3 TCP/IP Filter Rule Menu Fields

| FIELD | DESCRIPTION | EXAMPLE |
| --- | --- | --- |
| IP Protocol | Protocol refers to the upper layer protocol, e.g., TCP is 6, UDP is 17 and ICMP is 1. This value must be between 0 and 255. | 0-255 |
| IP Source Route | If Yes, the rule applies to packet with IP source route option; else the packet must not have source route option. The majority of IP packets do not have source route. | No |
| Destination: IP Address | Enter the destination IP Address of the packet you wish to filter. This field reads don’t-care if it is 0.0.0.0. | IP address |
| Destination: IP Mask | Enter the IP mask that will be used to mask the bits of the IP address given in the Destination IP Address field. | IP mask |
| Destination: Port # | Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535. This field reads don’t-care if it is 0. | 0-65535 |
| Destination: Port # Comp | Select the comparison to apply to the destination port in the packet against the value given in Destination Port # field. Options are: None, Less, Greater, Equal or Not Equal. | Equal |
| Source: IP Address | Enter the source IP Address of the packet you wish to filter. This field reads don’t-care if it is 0.0.0.0. | IP Address |
| Source: IP Mask | Enter the IP mask that will be used to mask the bits of the IP address given in the Source IP Address field. | IP Mask |
| Source: Port # | Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field reads don’t-care if it is 0. | 0-65535 |
| Source: Port # Comp | Select the comparison to apply to the source port in the packet against the value given in Source Port # field. Options are: None, Less, Greater, Equal or Not Equal. | None |
| TCP Estab | This field is applicable only when IP Protocol field is 6, TCP. If Yes, the rule matches only established TCP connections; else the rule matches all TCP packets. | Yes / No |
Prestige 324 Intelligent Broadband Sharing Gateway
Table 13-3 TCP/IP Filter Rule Menu Fields (continued)

| FIELD | DESCRIPTION | EXAMPLE |
| --- | --- | --- |
| More | If Yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields. If the More field is Yes, then Action Matched and Action Not Matched will be No. | No |
| Log | Select the logging option from the following: None: No packets will be logged. Action Matched: Only packets that match the rule parameters will be logged. Action Not Matched: Only packets that do not match the rule parameters will be logged. Both: All packets will be logged. | None |
| Action Matched | Select the action for a matching packet. Options are Check Next Rule, Forward or Drop. | Drop |
| Action Not Matched | Select the action for a packet not matching the rule. Options are Check Next Rule, Forward or Drop. | Check Next Rule |
Once you have completed filling in Menu 21.1.1.1 - TCP/IP Filter Rule, press [ENTER] at the message “Press Enter to Confirm to save your configuration, or press [ESC] to cancel”. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary.
The following figure illustrates the logic flow of an IP filter.
[Figure 13-7 Executing an IP Filter. Flowchart; node labels: Packet into IP Filter, Filter Active?, Check IP Protocol, Check Src IP Addr (Apply SrcAddrMask to Src Addr), Check Dest IP Addr (Apply DestAddrMask to Dest Addr), Check Src & Dest Port, Matched / Not Matched, More?, Action Matched, Action Not Matched, Drop, Forward, Check Next Rule, Drop Packet, Accept Packet.]
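The matching steps in Table 13-3 and Figure 13-7, as an added Python sketch (not code from the manual): masked address compare, port comparison, don’t-care values, then the Action Matched / Action Not Matched decision across an ordered rule set. All names and the sample rule set are constructed; IP Source Route, TCP Estab, More and Log are not modelled.

```python
import ipaddress
import operator

# Port # Comp options from Table 13-3; None means the port is not compared.
PORT_COMP = {"None": None, "Less": operator.lt, "Greater": operator.gt,
             "Equal": operator.eq, "Not Equal": operator.ne}

def rule(**fields):
    """Build a rule; unset address and port fields stay at their don't-care values."""
    base = dict(active=True, proto=6, matched="Check Next Rule",
                not_matched="Check Next Rule")
    for side in ("src", "dst"):
        base.update({f"{side}_ip": "0.0.0.0", f"{side}_mask": "0.0.0.0",
                     f"{side}_port": 0, f"{side}_comp": "None"})
    return {**base, **fields}

def addr_ok(rule_ip, rule_mask, pkt_ip):
    """Masked address compare; a rule address of 0.0.0.0 is don't-care."""
    r, m, p = (int(ipaddress.IPv4Address(a)) for a in (rule_ip, rule_mask, pkt_ip))
    # Assumption: the mask is applied to both addresses before comparing.
    return r == 0 or (p & m) == (r & m)

def port_ok(rule_port, comp, pkt_port):
    """Compare the packet port against the rule port; 0 or None is don't-care."""
    op = PORT_COMP[comp]
    return rule_port == 0 or op is None or op(pkt_port, rule_port)

def rule_matches(r, pkt):
    return (r["proto"] == pkt["proto"]  # protocol compared exactly in this sketch
            and all(addr_ok(r[f"{s}_ip"], r[f"{s}_mask"], pkt[f"{s}_ip"])
                    and port_ok(r[f"{s}_port"], r[f"{s}_comp"], pkt[f"{s}_port"])
                    for s in ("src", "dst")))

def run_filter_set(rules, pkt):
    """Walk the rules in order until one returns Forward or Drop."""
    for r in rules:
        if not r["active"]:
            continue  # assumption: an inactive rule is passed over
        action = r["matched"] if rule_matches(r, pkt) else r["not_matched"]
        if action != "Check Next Rule":
            return action
    return "Check Next Rule"  # nothing decided inside this set

# Constructed rule set: drop Telnet, then forward only TCP from 192.168.1.0/24.
RULES = [rule(dst_port=23, dst_comp="Equal", matched="Drop"),
         rule(src_ip="192.168.1.0", src_mask="255.255.255.0",
              matched="Forward", not_matched="Drop")]

def pkt(proto, src_ip, src_port, dst_ip, dst_port):
    return dict(proto=proto, src_ip=src_ip, src_port=src_port,
                dst_ip=dst_ip, dst_port=dst_port)
```

Setting Action Not Matched to Drop on the last rule is what makes this constructed set default-deny: a UDP packet matches neither rule and is dropped by the second one.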
13.2.4 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you
to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, e.g., FFFFFFFF.
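The Offset/Length/Mask/Value comparison described above, as an added Python sketch (not code from the manual), using the ranges the manual gives for Offset (0 to 255) and Length (0 to 8). The function names, rules and frames are constructed for illustration, and the sketch assumes Offset 0 is the first byte of an Ethernet frame.

```python
def rule_can_match(mask_hex: str, value_hex: str) -> bool:
    """Config check: a Value bit outside the Mask can never equal masked data."""
    mask, value = bytes.fromhex(mask_hex), bytes.fromhex(value_hex)
    return len(mask) == len(value) and all(
        (v & ~m & 0xFF) == 0 for m, v in zip(mask, value))

def generic_match(packet: bytes, offset: int, length: int,
                  mask_hex: str, value_hex: str) -> bool:
    """Return True when (data AND Mask) equals Value for the selected bytes."""
    if not 0 <= offset <= 255 or not 0 <= length <= 8:
        raise ValueError("Offset must be 0-255 and Length 0-8")
    if len(mask_hex) != 2 * length or len(value_hex) != 2 * length:
        raise ValueError("Mask and Value take two hex digits per byte of Length")
    mask, value = bytes.fromhex(mask_hex), bytes.fromhex(value_hex)
    data = packet[offset:offset + length]
    if len(data) < length:
        return False  # assumption: a packet too short to hold the field does not match
    return bytes(d & m for d, m in zip(data, mask)) == value

# Constructed Ethernet frames: destination MAC, source MAC, EtherType, padding.
IPX_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "8137") + bytes(30)
IPV4_FRAME = bytes.fromhex("00aabbccddee" "001122334455" "0800") + bytes(30)

# Hypothetical rules as (Offset, Length, Mask, Value).
MATCH_IPX = (12, 2, "FFFF", "8137")   # EtherType 0x8137 (IPX)
MATCH_GROUP_DST = (0, 1, "01", "01")  # group (broadcast/multicast) bit of the destination MAC
```

`rule_can_match("F0", "8F")` is false because the low four bits of the Value are cleared by the Mask before comparison, so a rule entered that way silently never matches.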
To configure a generic rule, select Generic Filter Rule in the Filter Type field in the menu 21.4.1 and press [ENTER] to open Menu 21.4.1 - Generic Filter Rule, as shown below.
    Menu 21.4.1 - Generic Filter Rule

    Filter #: 4,1
    Filter Type= Generic Filter Rule
    Active= No
    Offset= 0
    Length= 0
    Mask= N/A
    Value= N/A
    More= No
    Log= None
    Action Matched= Check Next Rule
    Action Not Matched= Check Next Rule

    Press ENTER to Confirm or ESC to Cancel:
    Press Space Bar to Toggle.

Figure 13-8 Menu 21.4.1 — Generic Filter Rule

The following table describes the fields in the Generic Filter Rule Menu.

Table 13-4 Generic Filter Rule Menu Fields

| FIELD | DESCRIPTION | EXAMPLE |
| --- | --- | --- |
| Filter # | This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third rule of that set. | |
| Filter Type | Use the [SPACE BAR] to select a rule. Parameters displayed below each type will be different. Options are: Generic Filter Rule or TCP/IP Filter Rule. | Generic Filter Rule |
| Active | Select Yes to turn on the filter rule. | No |
| Offset | Enter the starting byte of the data portion in the packet that you wish to compare. The range for this field is from 0 to 255. | 0 (default) |
| Length | Enter the byte count of the data portion in the packet that you wish to compare. The range for this field is 0 to 8. | 0 (default) |
| Mask | Enter the mask (in Hexadecimal) to apply to the data portion before comparison. | |
| Value | Enter the value (in Hexadecimal) to compare with the data portion. | |
| More | If Yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields. If the More field is Yes, then Action Matched and Action Not Matched will be No. | No |
| Log | Select the logging option from the following: None: No packets will be logged. Action Matched: Only packets that match the rule parameters will be logged. Action Not Matched: Only packets that do not match the rule parameters will be logged. Both: All packets will be logged. | None |
| Action Matched | Select the action for a matching packet. Options are: Check Next Rule, Forward or Drop. | Check Next Rule |
| Action Not Matched | Select the action for a packet not matching the rule. Options are: Check Next Rule, Forward or Drop. | Check Next Rule |
Once you have completed filling in Menu 21.4.1.1 — Generic Filter Rule, press [ENTER] at the message “[Press Enter to Confirm] to save your configuration, or press [ESC] to cancel”. This data will now be displayed on Menu 21.1.1 — Filter Rules Summary.
