Figure 31-1 Outgoing Packet Filtering Process - ZyXEL Communications ZyWall 10 User Manual

ZyWALL 10~100 Series Internet Security Gateway
For incoming packets, your ZyWALL applies data filters only. Packets are processed depending upon
whether a match is found. The following sections describe how to configure filter sets.

31.1.1 The Filter Structure of the ZyWALL

A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for
NetBIOS, into a single set and give it a descriptive name. The ZyWALL allows you to configure up to
twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device
filter rules and protocol filter rules within the same set. You can apply up to four filter sets to a particular
port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum
of 24 rules active for a single port.
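
As an added example (not from the ZyXEL manual or firmware), the following Python code checks a planned filter layout against the limits stated above before it is entered on the device. The set names, the port name and the `FilterSet`, `validate` and `active_rules` helpers are illustrative assumptions.

```python
from dataclasses import dataclass

# Limits quoted from the manual text above.
MAX_SETS, MAX_RULES_PER_SET, MAX_SETS_PER_PORT = 12, 6, 4
KINDS = {"device", "protocol"}

@dataclass
class FilterSet:
    name: str
    rule_kinds: list  # one entry per rule: "device" or "protocol"

def validate(filter_sets, port_bindings):
    """Return a list of violations; an empty list means the plan fits the device."""
    problems = []
    if len(filter_sets) > MAX_SETS:
        problems.append(f"{len(filter_sets)} sets defined, limit is {MAX_SETS}")
    names = {fs.name for fs in filter_sets}
    for fs in filter_sets:
        if not fs.rule_kinds:
            problems.append(f"{fs.name}: a set needs at least one rule")
        if len(fs.rule_kinds) > MAX_RULES_PER_SET:
            problems.append(f"{fs.name}: {len(fs.rule_kinds)} rules, limit is {MAX_RULES_PER_SET}")
        if set(fs.rule_kinds) - KINDS:
            problems.append(f"{fs.name}: unknown rule kind")
        if KINDS <= set(fs.rule_kinds):
            problems.append(f"{fs.name}: mixes device and protocol rules")
    for port, bound in port_bindings.items():
        if len(bound) > MAX_SETS_PER_PORT:
            problems.append(f"{port}: {len(bound)} sets applied, limit is {MAX_SETS_PER_PORT}")
        for name in bound:
            if name not in names:
                problems.append(f"{port}: references undefined set {name}")
    return problems

def active_rules(filter_sets, port_bindings, port):
    """Count the rules that are active on one port."""
    by_name = {fs.name: fs for fs in filter_sets}
    return sum(len(by_name[n].rule_kinds) for n in port_bindings.get(port, []) if n in by_name)

# Constructed sample plans (set and port names are illustrative).
GOOD_SETS = [FilterSet(f"SET_{i}", ["protocol"] * 6) for i in range(1, 5)]
GOOD_PORTS = {"WAN": ["SET_1", "SET_2", "SET_3", "SET_4"]}
BAD_SETS = GOOD_SETS + [FilterSet("MIXED", ["device", "protocol"]),
                        FilterSet("BIG", ["protocol"] * 7)]
BAD_PORTS = {"WAN": ["SET_1", "SET_2", "SET_3", "SET_4", "BIG"]}

if __name__ == "__main__":
    print(validate(GOOD_SETS, GOOD_PORTS), active_rules(GOOD_SETS, GOOD_PORTS, "WAN"))
    for problem in validate(BAD_SETS, BAD_PORTS):
        print(problem)
```
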
Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from
triggering calls and to prevent incoming telnet sessions. A summary of their filter rules is shown in the
figures that follow.
The following figure illustrates the logic flow when executing a filter rule. See also Figure 31-7 for the
logic flow when executing an IP filter.

Figure 31-1 Outgoing Packet Filtering Process

[Flowchart: outgoing packet, then Data Filtering, then Call Filtering (built-in default call filters, then user-defined call filters, if applicable), then Active Data. Labelled outcomes: "Drop packet"; "Drop packet if line not up, or send packet but do not reset Idle Timer"; "Initiate call if line not up"; "Send packet and reset Idle Timer".]
