Device filter rule, 2 device filter rule, Figure 10-7 executing an ip filter – ZyXEL Communications Prestige 1600 User Manual

Prestige 1600 Universal Access Concentrator

Filter Configuration

10-9

Packet

into IP Filter

Matched

Matched

Yes

Action Matched

Action Not Matched

More?

No

Filter Active?

Check

IP Protocol

Drop

Drop Packet

Accept Packet

Drop

Forward

Check Next Rule

Check Next Rule

Check Next Rule

Forward

Not Matched

Yes

No

Check Src

IP Addr

Apply SrcAddrMask

to Src Addr

Matched

Check Dest

IP Addr

Apply DestAddrMask

to Dest Addr

Not Matched

Not Matched

Check Src &

Dest Port

Matched

Not Matched

Figure 10-7 Executing an IP Filter

10.5.2 Device Filter Rule

This section shows you how to configure a device filter rule. The purpose of device rules is to allow you to filter
non-IP/IPX packets. For IP and IPX, it is generally easier to use the protocol rules directly.

For Device rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the
portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige applies
the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match.
The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a
byte, so if the length is 4, the value in either field will take 8 digits, e.g.,

FFFFFFFF

.

To configure a device rule, select Device Filter Rule in the Filter Type field and press [ENTER] to open Menu
21.1.1 - Device Filter Rule, as shown below.