ZyXEL p-660h-61 User Guide

Prestige 660H Series User’s Guide 
Filter Configuration 
Table 30-4 Menu 21.1.5.1 Generic Filter Rule 
| FIELD | DESCRIPTION | EXAMPLE |
|---|---|---|
| Log | Select the logging option from the following: None – No packets will be logged. Action Matched – Only matching packets and rules will be logged. Action Not Matched – Only packets that do not match the rule parameters will be logged. Both – All packets will be logged. | None |
| Action Matched | Select the action for a matching packet. Choices are Check Next Rule, Forward or Drop. | Check Next Rule (default) |
| Action Not Matched | Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop. | Check Next Rule (default) |
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” 
to save your configuration or press [ESC] to cancel and go back to the previous screen. 
30.5 Filter Types and NAT
There are two classes of filter rules, Generic Filter (Device) rules and Protocol Filter (TCP/IP) rules. 
Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP 
packets. 
When NAT (Network Address Translation) is enabled, the inside IP address and port number are 
replaced on a connection-by-connection basis, which makes it impossible to know the exact address 
and port on the wire. Therefore, the Prestige applies the protocol filters to the “native” IP address and 
port number before NAT for outgoing packets and after NAT for incoming packets. On the other hand, 
the generic (or device) filters are applied to the raw packets that appear on the wire. They are applied 
at the point where the Prestige is receiving and sending the packets; for instance, the interface. The 
interface can be an Ethernet, or any other hardware port. The following figure illustrates this. 
 
Figure 30-10 Protocol and Device Filter Sets 
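The ordering described in section 30.5, as an added Python sketch (not ZyXEL code and not part of the guide): it models what each filter class sees on the WAN side when NAT is enabled. The addresses, the port 50000 and the names Nat, outgoing, incoming and involves are assumptions for illustration; real generic filters match raw bytes rather than parsed fields.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
WAN_IP = "203.0.113.5"  # constructed sample address (documentation range)

class Nat:
    """Toy port-translating NAT: one mapping per inside (address, port)."""
    def __init__(self, wan_ip, first_port=50000):
        self.wan_ip, self.next_port = wan_ip, first_port
        self.out, self.back = {}, {}

    def translate_out(self, p):
        key = (p.src, p.sport)
        if key not in self.out:  # new connection: allocate a WAN-side port
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return p._replace(src=self.wan_ip, sport=self.out[key])

    def translate_in(self, p):
        # No mapping: the packet stays addressed to the router itself.
        host, port = self.back.get(p.dport, (p.dst, p.dport))
        return p._replace(dst=host, dport=port)

def outgoing(nat, p):
    """LAN -> WAN: protocol filter runs before NAT, device filter sees the wire."""
    return {"protocol": p, "device": nat.translate_out(p)}

def incoming(nat, wire):
    """WAN -> LAN: device filter sees the wire, protocol filter runs after NAT."""
    return {"device": wire, "protocol": nat.translate_in(wire)}

def involves(packet, ip):
    """True if a rule keyed on this host address would match the packet."""
    return ip in (packet.src, packet.dst)

if __name__ == "__main__":
    nat, host = Nat(WAN_IP), "192.168.1.33"  # constructed LAN host
    request = Packet(host, 1025, "198.51.100.7", 80)
    reply = Packet("198.51.100.7", 80, WAN_IP, 50000)
    for name, views in (("out", outgoing(nat, request)), ("in", incoming(nat, reply))):
        for kind, pkt in views.items():
            print(name, kind, pkt, "matches host rule:", involves(pkt, host))
```

A protocol rule written against the LAN host address matches in both directions, while a device rule on the WAN interface only ever sees the WAN address and the translated port.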
30.6 Example Filter 
Let’s look at an example to block outside users from telnetting into the Prestige.