beautypg.com

Filter commands, Table 189 filter commands – ZyXEL Communications 802.11g Wireless ADSL2+ 4-port VoIP IAD P-2602HWNLI User Manual

Page 431


P-2602HWNLI User’s Guide

Appendix I Commands


• The firewall performs better than filtering if you need to check many rules.
• Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur.
• The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.

Filter Commands

The following describes the filter commands.

Table 189 Filter Commands

| COMMAND | DESCRIPTION |
| --- | --- |
| sys filter set | |
| index [set#] [rule#] | Set the index number of a filter set rule. You must use this command first before you begin to configure the filter rule. |
| name [set name] | Set the name of a filter set. |
| type [tcpip \| generic] | Set the type of filter rule. |
| enable | Enable the rule. |
| disable | Disable the rule. |
| protocol [protocol #] | Set the protocol ID of the rule. |
| sourceroute [yes\|no] | IP Source Route is an optional header that dictates the route an IP packet takes from its source to its destination. If set to yes, the rule applies to any packet with an IP source route. The majority of IP packets do not have source route. |
| destip [address] [subnet mask] | Set the destination IP address and subnet mask of the rule. |
| destport [port#] [compare type = none\|equal\|notequal\|less\|greater] | Set the destination port and type of comparison to apply to the destination port in the packet. Possible comparisons are 0 (none), 1 (equal), 2 (not equal), 3 (less) or 4 (greater). |
| srcip [address] [subnet mask] | Set the source IP address and subnet mask. |
| srcport [port#] [compare type = none\|equal\|notequal\|less\|greater] | Set the source port and type of comparison to apply to the destination port in the packet. Possible comparisons are 0 (none), 1 (equal), 2 (not equal), 3 (less) or 4 (greater). |
| tcpEstab [yes\|no] | This applies only when the IP Protocol field is 6, TCP. If Yes, the rule matches packets that want to establish TCP connection(s) (SYN=1 and ACK=0); else it is ignored. |
| more [yes\|no] | Set the more option to yes/no. If yes, a matching packet is passed to the next filter rule before an action is taken or else the packet is disposed of according to the action fields. If the more option is yes, then action matched and action not matched will be N/A. |
| log [type 0-3 = none \| match \| notmatch \| both] | Set the log type (it could be 0-3 = none, match, not match, both). |
| actmatch [type 0-2 = checknext \| forward \| drop] | Set the action for packets that match the filter rule. |
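The following Python model is an added example, not code from the manual or the device firmware. It shows how the protocol, address, port-comparison and tcpEstab fields of one tcpip rule combine to decide whether a packet matches, which is useful when reviewing a rule set offline. Assumptions: all fields must match together, protocol 0 means any protocol, an all-zero mask matches any address, and "less"/"greater" compare the packet's port against the rule's port.

```python
import ipaddress
from dataclasses import dataclass

# Compare-type codes from Table 189: 0 none, 1 equal, 2 not equal, 3 less, 4 greater.
# Assumption: "less"/"greater" compare the packet's port against the rule's port.
PORT_CMP = {
    0: lambda pkt, rule: True,
    1: lambda pkt, rule: pkt == rule,
    2: lambda pkt, rule: pkt != rule,
    3: lambda pkt, rule: pkt < rule,
    4: lambda pkt, rule: pkt > rule,
}

@dataclass
class Rule:                      # field names mirror the sys filter set subcommands
    protocol: int = 0            # assumption: 0 means "any protocol"
    destip: str = "0.0.0.0"      # assumption: an all-zero mask matches any address
    destmask: str = "0.0.0.0"
    destport: int = 0
    destcmp: int = 0
    srcip: str = "0.0.0.0"
    srcmask: str = "0.0.0.0"
    srcport: int = 0
    srccmp: int = 0
    tcp_estab: bool = False

def ip_match(addr, net, mask):
    a, n, m = (int(ipaddress.IPv4Address(x)) for x in (addr, net, mask))
    return (a & m) == (n & m)

def matches(rule, pkt):
    """Return True if the packet (a dict) satisfies every field of the rule."""
    if rule.protocol and pkt["proto"] != rule.protocol:
        return False
    if not (ip_match(pkt["dst"], rule.destip, rule.destmask)
            and ip_match(pkt["src"], rule.srcip, rule.srcmask)):
        return False
    if not PORT_CMP[rule.destcmp](pkt["dport"], rule.destport):
        return False
    if not PORT_CMP[rule.srccmp](pkt["sport"], rule.srcport):
        return False
    # tcpEstab only applies to protocol 6 (TCP): match SYN=1 and ACK=0.
    if rule.tcp_estab and rule.protocol == 6:
        return bool(pkt["syn"]) and not pkt["ack"]
    return True

# Constructed sample: a rule for new inbound Telnet connections to 192.168.1.0/24.
TELNET_NEW = Rule(protocol=6, destip="192.168.1.0", destmask="255.255.255.0",
                  destport=23, destcmp=1, tcp_estab=True)
```

With tcpEstab set to yes, a SYN+ACK or later segment to port 23 does not match the rule, so whatever handles non-matching packets decides its fate.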