Filter structure – ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

ZyWALL 2 Series User’s Guide

30-2

Filter Configuration

Figure 30-1 Outgoing Packet Filtering Process

For incoming packets, your ZyWALL applies data filters only. Packets are processed depending upon
whether a match is found. The following sections describe how to configure filter sets.

30.1.1

Filter Structure

A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for
NetBIOS, into a single set and give it a descriptive name. The ZyWALL allows you to configure up to twelve
filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter
rules and protocol filter rules within the same set. You can apply up to four filter sets to a particular port to
block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24
rules active for a single port.

Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from
triggering calls and to prevent incoming telnet sessions. A summary of their filter rules is shown in the
figures that follow.

The following figure illustrates the logic flow when executing a filter rule. See also Figure 30-6 for the logic
flow when executing an IP filter.

Data

Outgoing

Packet

Drop

packet

Built-in
default

Call Filters

User-defined

Call Filters

(if applicable)

Initiate call

if line not up

Active Data

Send packet

and reset

Idle Timer

Or

Or

Drop packet
if line not up

Drop packet
if line not up

Send packet

but do not reset

Idle Timer

Send packet

but do not reset

Idle Timer

Match

Match

Match

No

match

No

match

No

match

Call Filtering