Zyxel P-660R-F1 Router Manual PDF (Setup & Configuration Guide)

Page 106 / 268 Scroll up to view Page 101 - 105

Chapter 8 Packet Filters

P-660R-F1 Series User’s Guide

106

Figure 64

Security > Packet Filter

The following table describes the fields in this screen.

8.2.1

Editing Protocol Filters

Use this screen to display a protocol filter set on your ZyXEL Device. Protocol rules allow you to

base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP

headers.

Table 37

Security > Packet Filter

LABEL

DESCRIPTION

#

This field displays the index number of the filter set.

Name

Enter a name for the filter set. The text may consist of up to 16 letters, numerals

and any printable character found on a typical English language keyboard.

Filter Type

Select

Protocol Filter

or

Generic Filter

for your filter set.

Protocol filter rules are used to filter IP packets while generic filter rules allow

filtering of non-IP packets.

Modify

Click the

Edit

button to configure a filter set.

Click the

Remove

button to delete a filter set.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

Page 107 / 268

Chapter 8 Packet Filters

P-660R-F1 Series User’s Guide

107

In the

Packet Filter

screen, select

Protocol Filter

from the

Filter Type

field. Then click the

Edit

button from the

Modify

field to display the following screen.

Figure 65

Security > Packet Filter > Edit (Protocol Filter)

The fo lowing table describes the fields in this screen.

8.2.2

Configuring Protocol Filter Rules

Use this screen to configure protocol filter rules. In the

Edit (Protocol Filter)

screen, click an

Edit

icon to display the following screen.

LABEL

DESCRIPTION

#

This is the index number of the rules in a filter set.

Active

Use the check box to turn a filter rule on or off.

Filter Type

This field displays whether the filter type is a protocol filter or generic filter.

Protocol

This field displays the upper layer protocol.

SA

This field displays the source IP address.

DA

This field displays the destination IP address.

Modify

Click the

Edit

icon to configure a filter rule.

Click the

Remove

icon to delete a filter rule.

Back

Click this to return to the previous screen without saving.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

Page 108 / 268

Chapter 8 Packet Filters

P-660R-F1 Series User’s Guide

108

Figure 66

Security > Packet Filter > Edit (Protocol Filter) > Edit Rule

The following table describes the labels in this screen.

Table 38

Security > Packet Filter > Edit (Protocol Filter) > Edit Rule

LABEL

DESCRIPTION

Active

Select the check box to enable the filter rule.

Protocol

Select

ICMP

,

TCP

or

UDP

for the upper layer protocol.

IP Source Route

Select the check box to apply the filter rule to packets with an IP source route

option. The majority of IP packets do not have source route.

Destination

Address

Enter the destination IP address of the packet you wish to filter. This field is

ignored if it is 0.0.0.0.

Destination

Subnet Netmask

Enter the IP subnet mask for the destination IP address.

Destination Port

Enter the destination port of the packets that you wish to filter. The range of this

field is 0 to 65535. This field is ignored if it is 0.

Port Compare

Select the comparison to apply to the destination port in the packet against the

value given in the

Destination Port

field.

Options are

None

,

Equal

,

Not Equal

,

Less

and

Greater

.

Source Address

Enter the source IP address of the packet you wish to filter. This field is ignored if

it is 0.0.0.0.

Source Subnet

Netmask

Enter the IP subnet mask for the source IP address

Source Port

Enter the source port of the packets that you wish to filter. The range of this field

is 0 to 65535. This field is ignored if it is 0.

Page 109 / 268

Chapter 8 Packet Filters

P-660R-F1 Series User’s Guide

109

8.2.3

Editing Generic Filters

Use this screen to display a generic filter set on your ZyXEL Device. The purpose of generic rules is

to allow you to filter non-IP packets. For IP packets, it is generally easier to use the IP rules directly.

For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX

packet. You specify the portion of the packet to check with the Offset (from 0) and the Length

fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to the data portion

before comparing the result against the Value to determine a match. The Mask and Value are

specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so

if the length is 4 bytes, the value in either field will take 8 digits, for example, FFFFFFFF.

Port Compare

Select the comparison to apply to the source port in the packet against the value

given in the

Source Port

field.

Options are

None

,

Equal

,

Not Equal

,

Less

and

Greater

.

TCP Estab

This field is only available when you select

TCP

in the

Protocol

field.

Select

Yes

to have the rule match packets that want to establish a TCP

connection. This field is ignored if you select

No

.

More

Select

Yes

to pass a matching packet to the next filter rule before an action is

taken. Select

No

to act upon the packet according to the action fields.

Log

Select a logging option from the following:

None

– No packets will be logged.

Match

- Only packets that match the rule parameters will be logged.

Not Match

- Only packets that do not match the rule parameters will be logged.

Both

– All packets will be logged.

Action Match

Select the action for a matching packet.

Options are

Check Next Rule

,

Forward

and

Drop

.

Action Not Match

Select the action for a packet not matching the rule.

Options are

Check Next Rule

,

Forward

and

Drop

.

Back

Click this to return to the previous screen without saving.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

LABEL

DESCRIPTION

Page 110 / 268

Chapter 8 Packet Filters

P-660R-F1 Series User’s Guide

110

In the

Packet Filter

screen, select

Generic Filter

from the

Filter Type

field. Then click the

Edit

button from the

Modify

field to display the following screen.

Figure 67

Security > Packet Filter > Edit (Generic Filter)

The following table describes the labels in this screen.

Table 39

Security > Packet Filter > Edit (Generic Filter)

LABEL

DESCRIPTION

#

This is the index number of the rules in a filter set.

Active

Use the check box to turn on or off a filter rule.

Filter Type

This field displays whether the filter type is a protocol filter or generic

filter.

Offset

This field displays the offset value.

Length

This field displays the length value.

Mask

This field displays the mask value.

Value

This field displays the value.

Modify

Click the

Edit

icon to configure a filter rule.

Click the

Remove

icon to delete a filter rule.

Back

Click this to return to the previous screen without saving.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share