Home > ZyXEL > Router > ZyXEL Router Prestige 334 User Manual

ZyXEL Router Prestige 334 User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual ZyXEL Router Prestige 334 User Manual. The ZyXEL manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 261

    Page 261 Prestige 334 User’s Guide Chapter 27 Filter Configuration 260 The protocol dependent filter rules abbreviation are listed as follows: Refer to the next section for information on configuring the filter rules. 27.2.1 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.1 - Filter Rules Summary and press [ENTER] to open menu 21.1.1.1 for the rule. To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters. The class... 
    Prestige 334 User’s Guide
Chapter 27 Filter Configuration 260
The protocol dependent filter rules abbreviation are listed as follows:
Refer to the next section for information on configuring the filter rules.
27.2.1  Configuring a Filter Rule
To configure a filter rule, type its number in Menu 21.1.1 - Filter Rules Summary and press 
[ENTER] to open menu 21.1.1.1 for the rule.
To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or 
generic filters. The class...

    Page 262

    Page 262 Prestige 334 User’s Guide 261 Chapter 27 Filter Configuration To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next Figure 138 Menu 21.1.1.1 TCP/IP Filter Rule. The following table describes how to configure your TCP/IP filter rule. Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route=... 
    Prestige 334 User’s Guide
261 Chapter 27 Filter Configuration
To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press 
[ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next
Figure 138   Menu 21.1.1.1 TCP/IP Filter Rule.
The following table describes how to configure your TCP/IP filter rule.
   Menu 21.1.1.1 - TCP/IP Filter Rule
          Filter #: 1,1
          Filter Type= TCP/IP Filter Rule
          Active= Yes
          IP Protocol= 0     IP Source Route=...

    Page 263

    Page 263 Prestige 334 User’s Guide Chapter 27 Filter Configuration 262 The following figure illustrates the logic flow of an IP filter. Source IP AddressEnter the source IP Address of the packet you wish to filter. This field is ignored if it is 0.0.0.0.0.0.0.0 IP MaskEnter the IP mask to apply to the Source: IP Addr.0.0.0.0 Port #Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0.0-65535 Port # CompPress [SPACE BAR] and then... 
    Prestige 334 User’s Guide
Chapter 27 Filter Configuration 262
The following figure illustrates the logic flow of an IP filter.
Source
IP AddressEnter the source IP Address of the packet you wish to filter. This 
field is ignored if it is 0.0.0.0.0.0.0.0
IP MaskEnter the IP mask to apply to the Source: IP Addr.0.0.0.0
Port #Enter the source port of the packets that you wish to filter. The 
range of this field is 0 to 65535. This field is ignored if it is 0.0-65535
Port # CompPress [SPACE BAR] and then...

    Page 264

    Page 264 Prestige 334 User’s Guide 263 Chapter 27 Filter Configuration Figure 139 Executing an IP Filter 27.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0)... 
    Prestige 334 User’s Guide
263 Chapter 27 Filter Configuration
Figure 139   Executing an IP Filter
27.2.3  Configuring a Generic Filter Rule
 This section shows you how to configure a generic filter rule. The purpose of generic rules is 
to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX 
packet. You specify the portion of the packet to check with the Offset (from 0)...

    Page 265

    Page 265 Prestige 334 User’s Guide Chapter 27 Filter Configuration 264 Figure 140 Menu 21.1.4.1 Generic Filter Rule The following table describes the fields in the Generic Filter Rule menu. Menu 21.1.4.1 - Generic Filter Rule Filter #: 4,1 Filter Type= Generic Filter Rule Active= No Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule... 
    Prestige 334 User’s Guide
Chapter 27 Filter Configuration 264
Figure 140   Menu 21.1.4.1 Generic Filter Rule
The following table describes the fields in the Generic Filter Rule menu.
   Menu 21.1.4.1 - Generic Filter Rule
         Filter #: 4,1
         Filter Type= Generic Filter Rule
         Active= No
         Offset= 0
         Length= 0
         Mask= N/A
         Value= N/A
         More= No           Log= None
         Action Matched= Check Next Rule
         Action Not Matched= Check Next Rule...

    Page 266

    Page 266 Prestige 334 User’s Guide 265 Chapter 27 Filter Configuration 27.3 Example Filter Let’s look at an example to block outside users from accessing the Prestige via telnet. Figure 141 Telnet Filter Example 1Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup. 2Enter 1 to open Menu 21.1 - Filter Set Configuration. 3Enter the index of the filter set you wish to configure (say 3) and press [ENTER]. 4Enter a descriptive name or comment in the Edit Comments field and press [ENTER]. 5Press... 
    Prestige 334 User’s Guide
265 Chapter 27 Filter Configuration
27.3  Example Filter
Let’s look at an example to block outside users from accessing the Prestige via telnet. 
Figure 141   Telnet Filter Example
1Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup.
2Enter 1 to open Menu 21.1 - Filter Set Configuration.
3Enter the index of the filter set you wish to configure (say 3) and press [ENTER].
4Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
5Press...

    Page 267

    Page 267 Prestige 334 User’s Guide Chapter 27 Filter Configuration 266 Figure 142 Example Filter: Menu 21.1.3.1 • Select Ye s from the Active field to activate this rule. •6 is the TCP IP Protocol. •The Port # for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services. • Select Equal from the Port # Comp field as you are looking for packets going to port 23 only. • Select Drop in the Action Matched field so that the packet will be dropped if its destination is the... 
    Prestige 334 User’s Guide
Chapter 27 Filter Configuration 266
Figure 142   Example Filter: Menu 21.1.3.1
• Select Ye s from the Active field to activate this rule.
•6 is the TCP IP Protocol.
•The Port # for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of 
well-known services.
• Select Equal from the Port # Comp field as you are looking for packets going to port 23 
only.
• Select Drop in the Action Matched field so that the packet will be dropped if its 
destination is the...

    Page 268

    Page 268 Prestige 334 User’s Guide 267 Chapter 27 Filter Configuration Figure 143 Example Filter Rules Summary: Menu 21.1.3 This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Ty p e = IP, Pr = 6) for destination telnet ports (DP = 23). M = N means an action can be taken immediately. The action is to drop the packet (m = D) if the action is matched and to forward the packet immediately (n = F) if the action is not matched no matter whether there are more rules to be checked... 
    Prestige 334 User’s Guide
267 Chapter 27 Filter Configuration
Figure 143   Example Filter Rules Summary: Menu 21.1.3
This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Ty p e  =  
IP, Pr = 6) for destination telnet ports (DP = 23).
M = N means an action can be taken immediately. The action is to drop the packet (m = D) if 
the action is matched and to forward the packet immediately (n = F) if the action is not 
matched no matter whether there are more rules to be checked...

    Page 269

    Page 269 Prestige 334 User’s Guide Chapter 27 Filter Configuration 268 Figure 144 Protocol and Device Filter Sets 27.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 27.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them). The Prestige already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet,... 
    Prestige 334 User’s Guide
Chapter 27 Filter Configuration 268
Figure 144   Protocol and Device Filter Sets
27.5  Firewall Versus Filters
Firewall configuration is discussed in the firewall chapters of this manual. Further 
comparisons are also made between filtering, NAT and the firewall. 
27.6  Applying a Filter 
This section shows you where to apply the filter(s) after you design it (them). The Prestige 
already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet,...

    Page 270

    Page 270 Prestige 334 User’s Guide 269 Chapter 27 Filter Configuration Figure 145 Filtering LAN Traffic 27.6.2 Applying Remote Node Filters Go to menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated by commas. The Prestige already has filters to prevent NetBIOS traffic from triggering calls. Figure 146 Filtering Remote Node... 
    Prestige 334 User’s Guide
269 Chapter 27 Filter Configuration
Figure 145   Filtering LAN Traffic
27.6.2  Applying Remote Node Filters
Go to menu 11.5 (shown below – note that call filter sets are only present for PPPoE 
encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up 
to four filter sets by entering their numbers separated by commas. The Prestige already has 
filters to prevent NetBIOS traffic from triggering calls.
Figure 146   Filtering Remote Node...
    Start reading ZyXEL Router Prestige 334 User Manual

    Related Manuals for ZyXEL Router Prestige 334 User Manual

    All ZyXEL manuals