ZyXEL p-662h-61 Guia Do Utilizador
Prestige 662HW Series User’s Guide
369
Chapter 36 Filter Configuration
Figure 212 Executing an IP Filter
36.4.2 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is
to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet. You
specify the portion of the packet to check with the Offset (from 0) and the Length fields, both
in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before
comparing the result against the Value to determine a match. The Mask and Value fields are
specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a
byte, so if the length is 4, the value in either field will take 8 digits, for example, FFFFFFFF.
specify the portion of the packet to check with the Offset (from 0) and the Length fields, both
in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before
comparing the result against the Value to determine a match. The Mask and Value fields are
specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a
byte, so if the length is 4, the value in either field will take 8 digits, for example, FFFFFFFF.
Packet
into IP Filter
Matched
Matched
Yes
Action Matched
Action Not Matched
More?
No
Filter Active?
Check
IP Protocol
Drop
Drop Packet
Accept Packet
Drop
Forward
Check Next Rule
Check Next Rule
Check Next Rule
Forward
Not Matched
Yes
No
Check Src
IP Addr
Apply SrcAddrMask
to Src Addr
Matched
Check Dest
IP Addr
Apply DestAddrMask
to Dest Addr
Not Matched
Not Matched
Check Src &
Dest Port
Matched
Not Matched