P-660 series Support Notes
17. What are Device filters and Protocol filters?
In ZyNOS, the filters have been separated into two groups. One group is called
'device filter group', and the other is called 'protocol filter group'. Generic filters
belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol filter
group'.
18. Why can't I configure device filters or protocol filters?
In ZyNOS, you can not mix different filter groups in the same filter set.
19. How can I protect against IP spoofing attacks?
The Prestige's filter sets provide a means to protect against IP spoofing attacks. The
basic scheme is as follows:
For the input data filter:
• Deny packets from the outside that claim to be from the inside
• Allow everything that is not spoofing us
Filter rule setup:
• Filter type =TCP/IP Filter Rule
• Active =Yes
• Source IP Addr =a.b.c.d
• Source IP Mask =w.x.y.z
• Action Matched =Drop
• Action Not Matched =Forward
Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask:
For the output data filters:
• Deny bounceback packet
• Allow packets that originate from us
Filter rule setup:
• Filter Type =TCP/IP Filter Rule
• Active =Yes
• Destination IP Addr =a.b.c.d
• Destination IP Mask =w.x.y.z
• Action Matched =Drop
• Action No Matched =Forward
10
All contents copyright © 2005 ZyXEL Communications Corporation.
To Next Page
Loading...
