3 configuring a generic filter rule – ZyXEL Communications ZyXEL ZyAIR 100 User Manual
Page 415
ZyWALL 10~100 Series Internet Security Gateway
Filter Configuration
31-11
31.2.3 Configuring a Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you
to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the ZyWALL treats a packet as a byte stream as opposed to an IP or IPX packet. You
specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The
ZyWALL applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the
Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes
two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits,
for example, FFFFFFFF.
To configure a generic rule, select Generic Filter Rule in the Filter Type field in menu 21.1.4.1 and
press [ENTER] to open Generic Filter Rule, as shown below.
Figure 31-8 Menu 21.1.4.1: Generic Filter Rule
The following table describes the fields in the Generic Filter Rule menu.
Table 31-4 Generic Filter Rule Menu Fields
FIELD
DESCRIPTION
OPTIONS
Filter #
This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second
filter set and the third rule of that set.
Menu 21.1.4.1 - Generic Filter Rule
Filter #: 4,1
Filter Type= Generic Filter Rule
Active= No
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.