2 generic filter rule, Figure 122 executing an ip filter – ZyXEL Communications ADSL2+ Ethernet/USB Gateway 660RU-Tx Series User Manual

Prestige 660RU-Tx Series User’s Guide

185

Chapter 22 Filter Configuration

Figure 122 Executing an IP Filter

22.4.2 Generic Filter Rule

This section shows you how to configure a generic filter rule. The purpose of generic rules is
to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.

For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP packet. You
specify the portion of the packet to check with the Offset (from 0) and the Length fields, both
in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before
comparing the result against the Value to determine a match. The Mask and Value fields are
specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a
byte, so if the length is 4, the value in either field will take 8 digits, for example, FFFFFFFF.

Packet

into IP Filter

Matched

Matched

Yes

Action Matched

Action Not Matched

More?

No

Filter Active?

Check

IP Protocol

Drop

Drop Packet

Accept Packet

Drop

Forward

Check Next Rule

Check Next Rule

Check Next Rule

Forward

Not Matched

Yes

No

Check Src

IP Addr

Apply SrcAddrMask

to Src Addr

Matched

Check Dest

IP Addr

Apply DestAddrMask

to Dest Addr

Not Matched

Not Matched

Check Src &

Dest Port

Matched

Not Matched