Draytek 2900 User Manual

Vigor2900 Series User’s Guide

77

Pass or Block

Specifies the action to be taken when packets match the rule.

Block Immediately - Packets matching the rule will be dropped
immediately.
Pass Immediately - Packets matching the rule will be passed
immediately.
Block If No Further Match - A packet matching the rule, and that
does not match further rules, will be dropped.
Pass If No Further Match - A packet matching the rule, and that
does not match further rules, will be passed through.

Branch to other Filter
Set

If the packet matches the filter rule, the next filter rule will branch
to the specified filter set. Select next filter rule to branch from the
drop-down menu.

Only the item of Block If No Further Match or Pass If No
Further Match is selected as the Pass or Block action, the system
will continue for inspection according to the specified filter set.

Log

Check this box to enable the log function. Use the Telnet command
log-f to view the logs.

Keep State

It is used for Data Filter only. Keep State is in the same nature of
modern term Stateful Packet Inspection. If enabled, this rule will be
added to State table when it is matched by a packet. When other
packets in the same session as the matched packet is applied to Data
Filer, they will be checked against the rules in State table first. If
matched, they can pass immediately without having to check any
rule in Data Filter. Only ICMP, TCP and UDP protocols can be
added to State table.

Direction

Set the direction of packet flow. It is for Data Filter only. For the
Call Filter, this setting is neglected since Call Filter is only applied
to outgoing traffic.
IN - Specify the rule of filtering incoming packets.
OUT - Specify the rule of filtering outgoing packets.

Protocol

Specify the protocol(s) which this filter rule will apply to.

Fragments

Specify the action for fragmented packets. And it is used for Data
Filter only.