ZyXEL Communications 2602HWNLI-D7A User Manual

 

All contents copyright (c) 2007 ZyXEL Communications Corporation.   

201 

The Prestige's firewall will automatically detect the IP spoofing and drop it if the firewall is turned on. If the 

firewall is not turned on we can configure a filter set to block the IP spoofing attacks. The basic scheme is as 
follows:   

For the input data filter:   



 

Deny packets from the outside that claim to be from the inside   



 

Allow everything that is not spoofing us   

Filter rule setup:   



 

Filter type =TCP/IP Filter Rule   



 

Active =Yes   



 

Source IP Addr =a.b.c.d   



 

Source IP Mask =w.x.y.z   



 

Action Matched =Drop   



 

Action Not Matched =Forward   

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask:   

For the output data filters:   



 

Deny bounceback packet   



 

Allow packets that originate from us   

Filter rule setup:   



 

Filter Type =TCP/IP Filter Rule   



 

Active =Yes   



 

Destination IP Addr =a.b.c.d   



 

Destination IP Mask =w.x.y.z   



 

Action Matched =Drop   



 

Action No Matched =Forward   

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.