Chapter 40 Filter Configuration

For generic rules, the ZyWALL treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyWALL applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, for example, FFFFFFFF.

To configure a generic rule, select Generic Filter Rule in the Filter Type field in menu 21.1.x.x and press [ENTER] to open Generic Filter Rule, as shown below.

Figure 409 Menu 21.1.1.1: Generic Filter Rule

Menu 21.1.1.1 - Generic Filter Rule

Filter #: 1,1

Filter Type= Generic Filter Rule

Active= No

 

Offset= 0

 

Length= 0

 

Mask= N/A

 

Value= N/A

Log= None

More= No

Action Matched= Check Next Rule

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

The following table describes the fields in the Generic Filter Rule menu. Table 233 Generic Filter Rule Menu Fields

FIELD

DESCRIPTION

Filter #

This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the

 

third rule of that set.

 

 

Filter Type

Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters displayed below

 

each type will be different. TCP/IP filter rules are used to filter IP packets while generic

 

filter rules allow filtering of non-IP packets.

 

Options are Generic Filter Rule and TCP/IP Filter Rule.

 

 

Active

Select Yes to turn on the filter rule or No to turn it off.

 

 

Offset

Enter the starting byte of the data portion in the packet that you wish to compare. The

 

range for this field is from 0 to 255.

 

 

Length

Enter the byte count of the data portion in the packet that you wish to compare. The range

 

for this field is 0 to 8.

 

 

Mask

Enter the mask (in Hexadecimal notation) to apply to the data portion before comparison.

 

 

Value

Enter the value (in Hexadecimal notation) to compare with the data portion.

 

 

More

If Yes, a matching packet is passed to the next filter rule before an action is taken; else

 

the packet is disposed of according to the action fields.

 

If More is Yes, then Action Matched and Action Not Matched will be No.

 

 

 

625

ZyWALL 2WG User’s Guide