ZyWALL User's Guide

Chapter 29 IDP
ZyWALL USG 100/200 Series User’s Guide
The rule header contains the rule's:
• Action
• Protocol
• Source and destination IP addresses and netmasks
• Source and destination ports information.
The rule option section contains alert messages and information on which parts of the packet
should be inspected to determine if the rule action should be taken.
The following table lists ZyWALL terms and their equivalent Snort terms.
Table 163 ZyWALL - Snort Equivalent Terms

| ZYWALL TERM | SNORT EQUIVALENT TERM |
|---|---|
| Type Of Service | tos |
| Identification | id |
| Fragmentation | fragbits |
| Fragmentation Offset | fragoffset |
| Time to Live | ttl |
| IP Options | ipopts |
| Same IP | sameip |
| Transport Protocol | |
| Transport Protocol: TCP | |
| Port | (In Snort rule header) |
| Flow | flow |
| Flags | flags |
| Sequence Number | seq |
| Ack Number | ack |
| Window Size | window |
| Transport Protocol: UDP | (In Snort rule header) |
| Port | (In Snort rule header) |
| Transport Protocol: ICMP | |
| Type | itype |
| Code | icode |
| ID | icmp_id |
| Sequence Number | icmp_seq |
| Payload Options | (Snort rule options) |
| Payload Size | dsize |
| Offset (relative to start of payload) | offset |
| Relative to end of last match | distance |
| Content | content |
| Case-insensitive | nocase |
| Decode as URI | uricontent |