![background image](/i/zyxel/144701/zyxel-zywall-2wg-ee/h/zyxel-zywall-2wg-ee-619.png)
Chapter 41 Filter Configuration
ZyWALL 2WG User’s Guide
619
The following figure illustrates the logic flow of an IP filter.
Port # Comp
Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the
destination port in the packet against the value given in
Destination: Port #
.
Options are
None
,
Equal
,
Not Equal
,
Less
and
Greater
.
Source
IP Addr
Enter the source IP Address of the packet you wish to filter. This field is ignored if it
is 0.0.0.0.
IP Mask
Enter the IP mask to apply to the
Source: IP Addr
.
Port #
Enter the source port of the packets that you wish to filter. The range of this field is 0
to 65535. This field is ignored if it is 0.
Port # Comp
Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the
source port in the packet against the value given in
Source: Port #
.
Options are
None
,
Equal
,
Not Equal
,
Less
and
Greater
.
TCP Estab
This field is applicable only when the IP Protocol field is 6, TCP. Press [SPACE
BAR] and then [ENTER] to select
Yes
, to have the rule match packets that want to
establish a TCP connection (SYN=1 and ACK=0); if
No
, it is ignored.
More
Press [SPACE BAR] and then [ENTER] to select
Yes
or
No
. If
Yes
, a matching
packet is passed to the next filter rule before an action is taken; if
No
, the packet is
disposed of according to the action fields.
If
More
is
Yes
, then
Action Matched
and
Action Not Matched
will be
N/A
.
Log
Press [SPACE BAR] and then [ENTER] to select a logging option from the following:
None
– No packets will be logged.
Action Matched
- Only packets that match the rule parameters will be logged.
Action Not Matched
- Only packets that do not match the rule parameters will be
logged.
Both
– All packets will be logged.
Action Matched
Press [SPACE BAR] and then [ENTER] to select the action for a matching packet.
Options are
Check Next Rule
,
Forward
and
Drop
.
Action Not
Matched
Press [SPACE BAR] and then [ENTER] to select the action for a packet not
matching the rule.
Options are
Check Next Rule
,
Forward
and
Drop
.
When you have
Menu 21.1.1.1 - TCP/IP Filter Rule
configured, press [ENTER] at the message “Press
ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be
displayed on
Menu 21.1.1 - Filter Rules Summary
.
Table 230
Menu 21.1.1.1: TCP/IP Filter Rule
FIELD
DESCRIPTION