Chapter 38 Filter Configuration
The following table describes how to configure your TCP/IP filter rule.
Table 204 Menu 21.1.1.1: TCP/IP Filter Rule
FIELD | DESCRIPTION |
Active | Press [SPACE BAR] and then [ENTER] to select Yes to activate the filter rule or No |
| to deactivate it. |
|
|
IP Protocol | Protocol refers to the upper layer protocol, e.g., TCP is 6, UDP is 17 and ICMP is 1. |
| Type a value between 0 and 255. A value of 0 matches ANY protocol. |
|
|
IP Source Route | Press [SPACE BAR] and then [ENTER] to select Yes to apply the rule to packets |
| with an IP source route option. Otherwise the packets must not have a source route |
| option. The majority of IP packets do not have source route. |
|
|
Destination |
|
|
|
IP Addr | Enter the destination IP Address of the packet you wish to filter. This field is ignored |
| if it is 0.0.0.0. |
|
|
IP Mask | Enter the IP mask to apply to the Destination: IP Addr. |
|
|
Port # | Enter the destination port of the packets that you wish to filter. The range of this field |
| is 0 to 65535. This field is ignored if it is 0. |
|
|
Port # Comp | Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the |
| destination port in the packet against the value given in Destination: Port #. |
| Options are None, Equal, Not Equal, Less and Greater. |
|
|
Source |
|
|
|
IP Addr | Enter the source IP Address of the packet you wish to filter. This field is ignored if it |
| is 0.0.0.0. |
|
|
IP Mask | Enter the IP mask to apply to the Source: IP Addr. |
|
|
Port # | Enter the source port of the packets that you wish to filter. The range of this field is 0 |
| to 65535. This field is ignored if it is 0. |
|
|
Port # Comp | Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the |
| source port in the packet against the value given in Source: Port #. |
| Options are None, Equal, Not Equal, Less and Greater. |
|
|
TCP Estab | This field is applicable only when the IP Protocol field is 6, TCP. Press [SPACE |
| BAR] and then [ENTER] to select Yes, to have the rule match packets that want to |
| establish a TCP connection (SYN=1 and ACK=0); if No, it is ignored. |
|
|
More | Press [SPACE BAR] and then [ENTER] to select Yes or No. If Yes, a matching |
| packet is passed to the next filter rule before an action is taken; if No, the packet is |
| disposed of according to the action fields. |
| If More is Yes, then Action Matched and Action Not Matched will be N/A. |
|
|
Log | Press [SPACE BAR] and then [ENTER] to select a logging option from the following: |
| None – No packets will be logged. |
| Action Matched - Only packets that match the rule parameters will be logged. |
| Action Not Matched - Only packets that do not match the rule parameters will be |
| logged. |
| Both – All packets will be logged. |
|
|
Action Matched | Press [SPACE BAR] and then [ENTER] to select the action for a matching packet. |
| Options are Check Next Rule, Forward and Drop. |
|
|
Action Not | Press [SPACE BAR] and then [ENTER] to select the action for a packet not |
Matched | matching the rule. |
| Options are Check Next Rule, Forward and Drop. |
|
|
When you have Menu 21.1.1.1 - TCP/IP Filter Rule configured, press [ENTER] at the message “Press ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary.
| 547 |
ZyWALL 2 Plus User’s Guide | |
|
|