User`s guide

P-793H v2 Support Notes

15. What are Device filters and Protocol filters?

In ZyNOS, the filters have been separated into two groups. One group is called

'device filter group', and the other is called 'protocol filter group'. Generic

filters belong to the 'device filter group', TCP/IP and IPX filters belong to the

'protocol filter group'. You can configure the filter rule in SMT.

Note: In ZyNOS, you can not mix different filter groups in the same filter set.

16. How can I protect against IP spoofing attacks?

The P-793H v2's filter sets provide a means to protect against IP spoofing

attacks. The basic scheme is as follows:

For the input data filter:



Deny packets from the outside that claim to be from the inside



Allow everything that is not spoofing us

Filter rule setup:



Filter type =TCP/IP Filter Rule



Active =Yes



Source IP Addr =a.b.c.d



Source IP Mask =w.x.y.z



Action Matched =Drop



Action Not Matched =Forward

Where a.b.c.d is an IP address on your local network and w.x.y.z is your

netmask:

For the output data filters:



Deny bounce back packet