ZyXEL Communications Wireless Gateway Series User Manual

ZyAIR Wireless Gateway Series User’s Guide 
 Filter and Firewall Configuration 
Table 24-4 Menu 21.1.4.1 Generic Filter Rule 
| FIELD | DESCRIPTION | EXAMPLE |
| --- | --- | --- |
| Offset | Type the starting byte of the data portion in the packet that you want to compare. The range for this field is from 0 to 255. | 0 (default) |
| Length | Type the byte count of the data portion in the packet that you want to compare. The range for this field is 0 to 8. | 0 (default) |
| Mask | Type the mask (in Hexadecimal) to apply to the data portion before comparison. | |
| Value | Type the value (in Hexadecimal) to compare with the data portion. | |
| More | If Yes, a matching packet is passed to the next filter rule before an action is taken; otherwise the packet is disposed of according to the action fields. If More is Yes, then Action Matched and Action Not Matched will be N/A. | No (default) |
| Log | Select the logging option from the following: None – No packets will be logged. Action Matched – Only matching packets and rules will be logged. Action Not Matched – Only packets that do not match the rule parameters will be logged. Both – All packets will be logged. | None |
| Action Matched | Select the action for a matching packet. Choices are Check Next Rule, Forward or Drop. | Check Next Rule |
| Action Not Matched | Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop. | Check Next Rule |
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to 
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. 
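The following Python sketch models how the fields in Table 24-4 combine when a rule set is evaluated. It is an added example, not ZyXEL code. Assumptions: Offset 0 is the first byte of the frame, Mask and Value are each Length bytes long, a packet shorter than Offset + Length never matches, and rules chained with More = Yes must all match for the final rule's Action Matched to apply.

```python
from dataclasses import dataclass

FORWARD, DROP, NEXT = "Forward", "Drop", "Check Next Rule"

@dataclass
class GenericRule:
    offset: int               # Offset: 0 to 255
    length: int               # Length: 0 to 8 bytes
    mask: str                 # Mask, hexadecimal
    value: str                # Value, hexadecimal
    more: bool = False        # More: Yes chains this rule to the next one
    matched: str = NEXT       # Action Matched
    not_matched: str = NEXT   # Action Not Matched

    def __post_init__(self):
        if not 0 <= self.offset <= 255 or not 0 <= self.length <= 8:
            raise ValueError("Offset must be 0-255 and Length 0-8")
        self._mask = bytes.fromhex(self.mask)
        self._value = bytes.fromhex(self.value)
        # Assumption of this model: both fields cover exactly Length bytes.
        if len(self._mask) != self.length or len(self._value) != self.length:
            raise ValueError("Mask and Value must each be Length bytes long")

    def matches(self, data: bytes) -> bool:
        window = data[self.offset:self.offset + self.length]
        if len(window) < self.length:      # assumption: short packets never match
            return False
        # Mask is applied to the packet bytes only, then compared with Value.
        return all((b & m) == v for b, m, v in zip(window, self._mask, self._value))

def evaluate(rules, data: bytes) -> str:
    """Return Forward, Drop, or Check Next Rule if the set makes no decision."""
    chain_ok = True                        # all More=Yes rules so far matched
    for rule in rules:
        chain_ok = chain_ok and rule.matches(data)
        if rule.more:                      # action fields are N/A on this rule
            continue
        action = rule.matched if chain_ok else rule.not_matched
        if action != NEXT:
            return action
        chain_ok = True                    # next rule starts a new chain
    return NEXT

# Constructed rule set: drop frames that are IPv4 (EtherType 0x0800) AND ICMP (protocol 1).
DROP_ICMP = [
    GenericRule(12, 2, "ffff", "0800", more=True),
    GenericRule(23, 1, "ff", "01", matched=DROP, not_matched=FORWARD),
]

def frame(ethertype: bytes, ip_proto: int) -> bytes:
    """Constructed sample frame: zeroed addresses, EtherType, zeroed IPv4 header."""
    return bytes(12) + ethertype + bytes(9) + bytes([ip_proto]) + bytes(10)
```

In this model a rule left at the defaults (Length 0, both actions Check Next Rule) matches every packet and decides nothing, and a Value with bits set outside the Mask can never match.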
24.4  Filter Types and NAT  
There are two classes of filter rules, Generic Filter (Device) rules and Protocol Filter (TCP/IP) rules. 
Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets. 
When NAT (Network Address Translation) is enabled, the inside IP address and port number are replaced 
on a connection-by-connection basis, which makes it impossible to know the exact address and port on the 
wire. Therefore, the ZyAIR applies the protocol filters to the “native” IP address and port number before 
NAT for outgoing packets and after NAT for incoming packets. On the other hand, the generic (or device) 
filters are applied to the raw packets that appear on the wire. They are applied at the point where the ZyAIR