
Zilog EZ80F91GA User Manual


ZGATE Configuration

UM024502-1012


ZGATE Embedded Security Development Kit
User Manual

BLACKLIST

If the filtering mode is set to NONE, ZGATE does not use the corresponding Filter_Type parameter when deciding if inbound packets should be filtered. If a particular Filter_Type is set to NONE, the ZGATE API, shell and web commands to add/remove entries from the Filter_Type static filtering list do nothing.

If Filter_Mode is either WHITELIST or BLACKLIST then for each inbound packet ZGATE will extract the Filter_Type field from the inbound packet (if applicable) and scan the corresponding Filter_Type static filtering list for a matching entry. The packet is then forwarded to ZTP for processing or discarded based on the filtering mode and whether a matching entry was found:

If Filter_Mode is BLACKLIST, then ZGATE discards the packet if a matching entry was found; otherwise the packet is routed to ZTP for processing.

If Filter_Mode is WHITELIST, then ZGATE only forwards the packet to ZTP if a matching entry was found; otherwise the packet is discarded.

The filtering mode (Filter_Mode) of all ZGATE Filter_Type filters cannot be changed at run time. There is no ZGATE API, shell command or web interface that will allow the operator to change a filter’s filtering mode.
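
The forward/discard decision described above, as an added C sketch (not code from this manual or from ZGATE). The type and function names, the fixed-size list of 32-bit values, the return value of the add call and the fail-closed default are assumptions made for illustration; main() shows what each mode does with an empty list.

```c
/* Added illustration; every name here is hypothetical, not the ZGATE API. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { MODE_NONE, MODE_WHITELIST, MODE_BLACKLIST } filter_mode_t;
typedef enum { VERDICT_FORWARD, VERDICT_DISCARD } verdict_t;
#define LIST_MAX 8
typedef struct {
    filter_mode_t mode;            /* fixed at configuration, never changed at run time */
    uint32_t      entry[LIST_MAX]; /* static filtering list (here: IPv4 source addresses) */
    size_t        count;
} filter_t;

/* Add an entry. In NONE mode the request does nothing, as the manual states;
 * returning false for that case is an assumption of this sketch. */
bool filter_add(filter_t *f, uint32_t value)
{
    if (f->mode == MODE_NONE || f->count >= LIST_MAX)
        return false;
    f->entry[f->count++] = value;
    return true;
}

/* Verdict for one inbound packet, given the field extracted from it. */
verdict_t filter_check(const filter_t *f, uint32_t field)
{
    bool match = false;
    if (f->mode == MODE_NONE)
        return VERDICT_FORWARD;            /* list is never consulted */
    for (size_t i = 0; i < f->count; i++)
        if (f->entry[i] == field)
            match = true;
    if (f->mode == MODE_BLACKLIST)         /* default-allow: drop only on a match */
        return match ? VERDICT_DISCARD : VERDICT_FORWARD;
    if (f->mode == MODE_WHITELIST)         /* default-deny: pass only on a match */
        return match ? VERDICT_FORWARD : VERDICT_DISCARD;
    return VERDICT_DISCARD;                /* unknown mode: fail closed (assumption) */
}

int main(void)
{
    filter_t wl = { .mode = MODE_WHITELIST }, bl = { .mode = MODE_BLACKLIST };
    uint32_t src = 0xC0A80132u;            /* constructed sample: 192.168.1.50 */
    /* 0 = forward, 1 = discard; both lists are empty here. */
    printf("empty WL=%d empty BL=%d\n", filter_check(&wl, src), filter_check(&bl, src));
    return 0;
}
```

An empty whitelist discards every packet for that filter type and an empty blacklist forwards every packet, so a WHITELIST filter needs its static rules in place before it passes any traffic.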

Static Filtering Rules

Static filtering rules are used to populate one of the static filtering lists. The format of a
static filtering rules record is:

"R" "," "," "," < List_Name>

","

In the above string,

is a monotonically increasing number assigned to

the rule by the creator of the file. ZGATE does not use, examine or validate this value.

must match the filtering mode specified in the corresponding static filter

configuration record.

is either ENABLED or DISABLED. ZGATE will only process the filtering rule

if

is set to ENABLED; otherwise ZGATE ignores the rule.

must represent one of the following parameters:

ETH_ADDR. Defines static filtering list entries for the ETH_ADDR_FILTER.

ETH_FRAME. Defines static filtering list entries for the ETH_FRAME_FILTER.

IP_ADDR. Defines static filtering list entries for the IP_SRC_ADDR_FILTER.

IP_PROT. Defines static filtering list entries for the IP_PROTOCOL_FILTER.

Note: