
                                               P-660 Series Support Notes 
18. Why can't I configure device filters or protocol filters?    
In ZyNOS, you can not mix different filter groups in the same filter set.      
19. How can I protect against IP spoofing attacks?  
The Prestige's filter sets provide a means to protect against IP spoofing attacks. The 
basic scheme is as follows: 
For the input data filter:   
• Deny packets from the outside that claim to be from the inside   
• Allow everything that is not spoofing us 
Filter rule setup:   
• Filter type =TCP/IP Filter Rule   
• Active =Yes   
• Source IP Addr =a.b.c.d   
• Source IP Mask =w.x.y.z   
• Action Matched =Drop   
• Action Not Matched =Forward 
Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask: 
For the output data filters:   
• Deny bounceback packet   
• Allow packets that originate from us 
Filter rule setup:   
• Filter Type =TCP/IP Filter Rule   
• Active =Yes   
• Destination IP Addr =a.b.c.d   
• Destination IP Mask =w.x.y.z   
• Action Matched =Drop   
• Action No Matched =Forward 
Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask. 
8 
All contents copyright © 2005 ZyXEL Communications Corporation.