HomeSafe User’s Guide

Packet

into IP Filter

Filter Active?

No

 

 

Yes

 

 

 

Apply SrcAddrMask

 

 

 

to Src Addr

 

 

 

Check Src

Not Matched

 

 

IP Addr

 

 

 

 

 

Matched

 

 

 

Apply DestAddrMask

 

 

to Dest Addr

 

 

 

Check Dest

Not Matched

 

 

IP Addr

 

 

 

 

 

Matched

 

 

 

Check

Not Matched

 

 

IP Protocol

 

 

 

 

 

Matched

 

 

 

Check Src &

Not Matched

 

 

Dest Port

 

 

 

 

 

Matched

 

 

 

More?

Yes

 

 

No

 

Action Not Matched

Action Matched

Check Next Rule

 

 

 

Check Next Rule

Drop

Forward

Drop

Forward

 

 

Drop Packet

Check Next Rule

 

Accept Packet

Figure 27-7 Executing an IP Filter

27.2.3 Configuring a Generic Filter Rule

This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.

For generic rules, the HomeSafe treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The HomeSafe applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, for example, FFFFFFFF.

Filter Configuration

27-7

Page 270
Image 270
ZyXEL Communications HS100/HS100W manual Configuring a Generic Filter Rule, Executing an IP Filter