ZyWALL 5/35/70 Series User’s Guide

To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters. The class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filter field or vice versa, the ZyWALL will warn you and will not allow you to save.

44.2.2 Configuring a TCP/IP Filter Rule

This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on fields in the IP header and in the upper layer protocol headers, for example, UDP and TCP.

To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next.

Figure 344 Menu 21.1.1.1: TCP/IP Filter Rule

Menu 21.1.1.1 - TCP/IP Filter Rule

Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0     IP Source Route= No
Destination: IP Addr=
             IP Mask=
             Port #=
             Port # Comp= None
     Source: IP Addr=
             IP Mask=
             Port #=
             Port # Comp= None
TCP Estab= N/A
More= No           Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

The following table describes how to configure your TCP/IP filter rule.

Table 222 Menu 21.1.1.1: TCP/IP Filter Rule

FIELD            DESCRIPTION
Active           Press [SPACE BAR] and then [ENTER] to select Yes to activate the filter rule or No to deactivate it.
IP Protocol      Protocol refers to the upper layer protocol, e.g., TCP is 6, UDP is 17 and ICMP is 1. Type a value between 0 and 255. A value of 0 matches ANY protocol.
IP Source Route  Press [SPACE BAR] and then [ENTER] to select Yes to apply the rule to packets with an IP source route option. Otherwise the packets must not have a source route option. The majority of IP packets do not have a source route option.
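
The matching semantics of the IP Protocol and IP Source Route fields described in the table above, as an added Python example (not ZyXEL firmware code and not part of the original guide). TcpIpRule, parse_ipv4, rule_matches and make_header are hypothetical names, the sample headers are constructed, and treating a deactivated rule as never matching is an assumption.

```python
import struct
from dataclasses import dataclass

LSRR, SSRR = 0x83, 0x89   # IPv4 option types: loose / strict source route (RFC 791)

@dataclass
class TcpIpRule:                      # hypothetical model of three menu fields
    active: bool = True               # Active= Yes/No
    ip_protocol: int = 0              # IP Protocol= 0..255, 0 matches ANY
    ip_source_route: bool = False     # IP Source Route= Yes/No

def parse_ipv4(header: bytes):
    """Return (protocol, has_source_route) for a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad IPv4 header length")
    i = 20
    while i < ihl:
        opt = header[i]
        if opt == 0:                  # End of Option List
            break
        if opt == 1:                  # No-Operation is a single byte
            i += 1
            continue
        if opt in (LSRR, SSRR):
            return header[9], True
        if i + 1 >= ihl or header[i + 1] < 2:
            raise ValueError("malformed IPv4 option")
        i += header[i + 1]            # skip type, length and data
    return header[9], False

def rule_matches(rule: TcpIpRule, header: bytes) -> bool:
    if not rule.active:               # assumption: a deactivated rule never matches
        return False
    proto, source_routed = parse_ipv4(header)
    if rule.ip_protocol not in (0, proto):
        return False
    # Yes: packet must carry a source route option; No: it must not.
    return source_routed == rule.ip_source_route

def make_header(proto: int, options: bytes = b"") -> bytes:
    """Constructed sample header (documentation addresses, checksum left 0)."""
    options += b"\x00" * (-len(options) % 4)
    ver_ihl = (4 << 4) | (5 + len(options) // 4)
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(options), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options

LSRR_OPT = bytes([LSRR, 7, 4, 203, 0, 113, 9])   # constructed: one hop, pointer 4
```

With the default IP Source Route= No, a rule that otherwise matches a packet stops matching as soon as the packet carries an LSRR or SSRR option, so source-routed traffic needs its own rule with IP Source Route= Yes.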

Chapter 44 Filter Configuration