4 filter types and sua, 5 applying a filter and factory defaults – ZyXEL Communications Prestige 643 User Manual

Prestige 643 ADSL Router

Filter Configuration

8-21

8.4 Filter Types and SUA

There are two types of filter rules, Device Filter (Generic) rules and Protocol Filter (TCP/IP and IPX) rules.
Device Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on the IP and IPX
packets. When NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP
address and port number are replaced on a connection-by-connection basis, which makes it impossible to
know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the
“native” IP address and port number before NAT/SUA for outgoing packets and after NAT/SUA for
incoming packets. On the other hand, the generic, or device filters are applied to the raw packets that
appear on the wire. They are applied at the point when the Prestige is receiving and sending the packets; i.e.
the interface. The interface can be an Ethernet, or any other hardware port. The following diagram
illustrates this.

Figure 8-16 Protocol and Device Filter Sets

8.5 Applying a Filter and Factory Defaults

This section shows you where to apply the filter(s) after you design it (them). Sets of factory default filter
rules have been configured in Menu 21 (but have not been applied) to filter telnet, FTP, NetBIOS and
PPPoE traffic. The PPPoE filter filters out all packets except PPPoE packets going out from the Prestige to
the ISP or remote node.