Filter Example

A filter for blocking the FTP connections from WAN


The ZyAIR supports the firmware and configuration files upload using FTP connections via LAN and WAN. So, it is possible that anyone can make a FTP connection over the Internet to your ZyAIR. To prevent outside users from connecting to your ZyAIR via FTP, you can configure a filter to block FTP connections from WAN.

Before configuring a filter, you need to know the following information:

  1. The inbound packet type (protocol & port number): In this case, it is TCP(06) protocol with port 20 or 21.
  2. The source IP address: In this case, we block all connections from outside so the source IP is 0.0.0.0.
  3. The destination IP address:  It is the ZyAIR's IP address, but it is not available in SUA case since most WAN IP address is dynamically assigned by the ISP. So, we can only enter 0.0.0.0 as the destination IP in the filter rule. Once 0.0.0.0 is set as the destination IP, no FTP connections are allowed to reach the ZyAIR nor the FTP server on the LAN. For the LAN-to-LAN connection, you enter the ZyAIR's LAN IP as the destination IP in the filter rule. After the FTP filter is applied to the remote node, it only blocks the FTP connection to the ZyAIR but still permits the FTP connection to the local FTP server.


All contents copyright © 2004 ZyXEL Communications Corporation.