|
| ZyWALL 5/35/70 Series User’s Guide |
| Table 222 Menu 21.1.1.1: TCP/IP Filter Rule | |
|
|
|
| FIELD | DESCRIPTION |
|
|
|
| Destination |
|
|
|
|
| IP Addr | Enter the destination IP Address of the packet you wish to filter. This field is ignored |
|
| if it is 0.0.0.0. |
| IP Mask | Enter the IP mask to apply to the Destination: IP Addr. |
|
|
|
| Port # | Enter the destination port of the packets that you wish to filter. The range of this field |
|
| is 0 to 65535. This field is ignored if it is 0. |
| Port # Comp | Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the |
|
| destination port in the packet against the value given in Destination: Port #. |
|
| Options are None, Equal, Not Equal, Less and Greater. |
|
|
|
| Source |
|
|
|
|
| IP Addr | Enter the source IP Address of the packet you wish to filter. This field is ignored if it |
|
| is 0.0.0.0. |
| IP Mask | Enter the IP mask to apply to the Source: IP Addr. |
|
|
|
| Port # | Enter the source port of the packets that you wish to filter. The range of this field is 0 |
|
| to 65535. This field is ignored if it is 0. |
| Port # Comp | Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the |
|
| source port in the packet against the value given in Source: Port #. |
|
| Options are None, Equal, Not Equal, Less and Greater. |
|
|
|
| TCP Estab | This field is applicable only when the IP Protocol field is 6, TCP. Press [SPACE |
|
| BAR] and then [ENTER] to select Yes, to have the rule match packets that want to |
|
| establish a TCP connection (SYN=1 and ACK=0); if No, it is ignored. |
| More | Press [SPACE BAR] and then [ENTER] to select Yes or No. If Yes, a matching |
|
| packet is passed to the next filter rule before an action is taken; if No, the packet is |
|
| disposed of according to the action fields. |
|
| If More is Yes, then Action Matched and Action Not Matched will be N/A. |
|
|
|
| Log | Press [SPACE BAR] and then [ENTER] to select a logging option from the following: |
|
| None – No packets will be logged. |
|
| Action Matched - Only packets that match the rule parameters will be logged. |
|
| Action Not Matched - Only packets that do not match the rule parameters will be |
|
| logged. |
|
| Both – All packets will be logged. |
|
|
|
| Action Matched | Press [SPACE BAR] and then [ENTER] to select the action for a matching packet. |
|
| Options are Check Next Rule, Forward and Drop. |
|
|
|
| Action Not | Press [SPACE BAR] and then [ENTER] to select the action for a packet not |
| Matched | matching the rule. |
|
| Options are Check Next Rule, Forward and Drop. |
|
|
|
| When you have Menu 21.1.1.1 - TCP/IP Filter Rule configured, press [ENTER] at the message “Press | |
| ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be | |
| displayed on Menu 21.1.1 - Filter Rules Summary. | |
The following figure illustrates the logic flow of an IP filter.
Chapter 44 Filter Configuration | 590 |