ZyXEL Communications P-334WT Support Notes page 117

Filter Example
A filter for blocking the FTP connections from WAN
Introduction
The P-334WT supports the firmware and configuration files upload using FTP connections via LAN and
WAN. So, it is possible that anyone can make a FTP connection over the Internet to your P-334WT. To
prevent outside users from connecting to your P-334WT via FTP, you can configure a filter to block
FTP connections from WAN.
Before you begin
Before configuring a filter, you need to know the following information:
1. The inbound packet type (protocol & port number): In this case, it is TCP(06) protocol with
port 20 or 21.
2. The source IP address: In this case, we block all connections from outside so the source IP is
0.0.0.0.
3. The destination IP address: It is the P-334WT's IP address, but it is not available in SUA case
since most WAN IP address is dynamically assigned by the ISP. So, we can only enter 0.0.0.0 as
the destination IP in the filter rule. Once 0.0.0.0 is set as the destination IP, no FTP connections
are allowed to reach the P-334WT nor the FTP server on the LAN. For the LAN-to-LAN
connection, you enter the P-334WT's LAN IP as the destination IP in the filter rule. After the
FTP filter is applied to the remote node, it only blocks the FTP connection to the P-334WT but
still permits the FTP connection to the local FTP server.
Configuration
Create a filter set in Menu 21, e.g., set 4
Create two filter rules in Menu 21.4.1 and Menu 21.4.2
Apply the filter set in remote node, Menu 11
Create a filter set in Menu 21
Rule 1- block the inbound FTP packet, TCP (06) protocol with port number 20
Rule 2- block the inbound FTP packet, TCP (06) protocol with port number 21